How to block access to Tomcat listening port, and allow localhost only?

醉酒成梦 2020-12-24 14:44

I have an application running on Tomcat and listening on port 8080. I made the redirect changes on the Apache level (httpd) to provide my users with the ability to only type

2 Answers
  • 2020-12-24 15:09

    Just for completeness, you might want to configure the AJP Connector in a similar way or disable it in server.xml.

  • 2020-12-24 15:13

    You can block a port using iptables, which is quite secure considering it's on OS level:

    iptables -A INPUT -p tcp --dport 8080 -j DROP
    

    Or you can comment out the 8080 connector in Tomcat’s configuration (in server.xml):

    <!--
    <Connector port="8080" …
        />
    -->
    

    Or you can just limit access to localhost (in case you want to use the manager app, etc.):

    <Connector port="8080" address="127.0.0.1" maxHttpHeaderSize="8192" />
    

    (don’t forget to restart Tomcat afterwards).
