如何阻止对Tomcat侦听端口的访问,并仅允许localhost? [英] How to block access to Tomcat listening port, and allow localhost only?
问题描述
我有一个运行在Tomcat上并侦听8080端口的应用程序。我在Apache级别(httpd)上进行了重定向更改,以使我的用户只能键入 http:// app
而不是 http:// app:8080
。
I have an application running on Tomcat and listening on port 8080. I made the redirect changes on the Apache level (httpd) to provide my users with the ability to only type http://app
instead of http://app:8080
.
现在我要阻止完全访问 http:// app:8080
,因此用户将无法访问 http:// app :8080
。
Now I want to block access completely to http://app:8080
, so users won't be able to reach http://app:8080
.
我该怎么做?
推荐答案
您可以使用iptables阻止端口,
You can blocking a port using Iptables,
iptables -A INPUT/ -p tcp --dport 8080 -j DROP
考虑到它在操作系统级别,这是相当安全的
Which is quite secured consider it's on OS level,
或您可以修改tomcat的配置,
or you can modify tomcat config,
<Connector port="8080" address="127.0.0.1" maxHttpHeaderSize="8192"
仅允许localhost访问8080(如果要使用经理应用等)
to only allow localhost access 8080, (in case you want to use the manager app etc)
这篇关于如何阻止对Tomcat侦听端口的访问,并仅允许localhost?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!