Difference between revisions of "Tomcat security restricted access"

(Created page with "Category:Linux Category:Development By default Tomcat is listening on '''all''' interfaces. That can be a problem! =Bind Tomcat to an interface= This easiest way...")
 
(No difference)

Latest revision as of 10:57, 1 April 2015


By default Tomcat is listening on all interfaces. That can be a problem!


Bind Tomcat to an interface

This easiest way to bind Tomcat to an interface is to set the IP@ on the connector(s).


Edit your server.xml configuration:

  • Automatic install: /etc/tomcat7/server.xml
  • Manual install: /opt/tomcat-base/server.xml
vim $TOMCAT/server.xml


Add the address="127.0.0.1":

<Connector port="8080" protocol="HTTP/1.1" 
           address="127.0.0.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" 
           address="127.0.0.1" 
           protocol="AJP/1.3" redirectPort="8443" />

<!-- A "Connector" using the shared thread pool-->
<Connector executor="tomcatThreadPool"
           address="127.0.0.1"
           port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />