如何阻止对Tomcat侦听端口的访问，并仅允许localhost？ [英] How to block access to Tomcat listening port, and allow localhost only?

问题描述

我有一个运行在Tomcat上并侦听8080端口的应用程序。我在Apache级别（httpd）上进行了重定向更改，以使我的用户只能键入 http：// app 而不是 http：// app：8080 。

I have an application running on Tomcat and listening on port 8080. I made the redirect changes on the Apache level (httpd) to provide my users with the ability to only type http://app instead of http://app:8080.

现在我要阻止完全访问 http：// app：8080 ，因此用户将无法访问 http：// app ：8080 。

Now I want to block access completely to http://app:8080, so users won't be able to reach http://app:8080.

我该怎么做？

推荐答案

您可以使用iptables阻止端口，

You can blocking a port using Iptables,

iptables -A INPUT/ -p tcp --dport 8080 -j DROP

考虑到它在操作系统级别，这是相当安全的

Which is quite secured consider it's on OS level,

或您可以修改tomcat的配置，

or you can modify tomcat config,

<Connector port="8080" address="127.0.0.1" maxHttpHeaderSize="8192"

仅允许localhost访问8080（如果要使用经理应用等）

to only allow localhost access 8080, (in case you want to use the manager app etc)

这篇关于如何阻止对Tomcat侦听端口的访问，并仅允许localhost？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！