Tomcat security restricted access


By default, Tomcat listens on all interfaces, so its connectors are reachable from every network the host is attached to. That can be a problem!


Bind Tomcat to an interface

The easiest way to bind Tomcat to an interface is to set the IP address on the connector(s).


Edit your server.xml configuration:

  • Automatic install: /etc/tomcat7/server.xml
  • Manual install: /opt/tomcat-base/server.xml
vim $TOMCAT/server.xml


Add address="127.0.0.1" to each connector:

<Connector port="8080" protocol="HTTP/1.1" 
           address="127.0.0.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" 
           address="127.0.0.1" 
           protocol="AJP/1.3" redirectPort="8443" />

<!-- A "Connector" using the shared thread pool; use it instead of the first HTTP connector, not alongside it, since both bind port 8080 -->
<Connector executor="tomcatThreadPool"
           address="127.0.0.1"
           port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
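
To check the result after editing, the following added example (not part of the original page) parses a server.xml and reports every active connector that is not pinned to a loopback address; commented-out connectors are skipped because the XML parser drops comments. The sample XML is constructed and the function names are illustrative.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: one connector pinned to loopback, one with no address
# attribute, and one commented out (ignored by the XML parser).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               address="127.0.0.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <!--
    <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    -->
  </Service>
</Server>"""


def is_loopback(address):
    """True only if the address attribute is a literal loopback IP."""
    if not address:
        return False  # no explicit address: not pinned to loopback
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # hostname or typo: flag it for manual review


def audit_connectors(xml_text):
    """Return (port, protocol, address, ok) for every active <Connector>."""
    root = ET.fromstring(xml_text)
    findings = []
    for conn in root.iter("Connector"):
        address = conn.get("address")
        findings.append((conn.get("port"), conn.get("protocol", "HTTP/1.1"),
                         address, is_loopback(address)))
    return findings


def exposed_connectors(xml_text):
    """Connectors that are not restricted to a loopback address."""
    return [f for f in audit_connectors(xml_text) if not f[3]]


if __name__ == "__main__":
    for port, proto, addr, ok in audit_connectors(SAMPLE_SERVER_XML):
        print(f"{port:>5} {proto:<10} {addr or '(none set)':<12} {'OK' if ok else 'EXPOSED'}")
```

To audit a real installation, read the file and pass its contents to `exposed_connectors()`; an empty list means every active connector carries a loopback address.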