如何阻止访问 Tomcat 侦听端口,并仅允许 localhost? [英] How to block access to Tomcat listening port, and allow localhost only?
问题描述
我有一个应用程序在 Tomcat 上运行并监听端口 8080.我在 Apache 级别 (httpd) 上进行了重定向更改,以使我的用户能够仅键入 http://app
而不是 http://app:8080
.
I have an application running on Tomcat and listening on port 8080. I made the redirect changes on the Apache level (httpd) to provide my users with the ability to only type http://app
instead of http://app:8080
.
现在我想阻止对http://app:8080
的访问,这样用户将无法访问http://app:8080
.
Now I want to block access completely to http://app:8080
, so users won't be able to reach http://app:8080
.
我该怎么做?
推荐答案
您可以使用 iptables
阻止端口,考虑到它在操作系统级别,这是非常安全的:
You can block a port using iptables
, which is quite secure considering it's on OS level:
iptables -A INPUT/ -p tcp --dport 8080 -j DROP
或者你可以在tomcat
的配置中(在server.xml
中)注释8080连接器:
Or you can comment the 8080 connector in tomcat
’s configuration (in server.xml
):
<!--
<Connector port="8080" …
/>
-->
或者您可以只限制对本地主机的访问(以防您想使用管理器应用程序等):
Or you can just limit access to localhost (in case you want to use the manager app, etc.):
<Connector port="8080" address="127.0.0.1" maxHttpHeaderSize="8192" />
(之后不要忘记重启tomcat
).
(don’t forget to restart tomcat
afterwards).
这篇关于如何阻止访问 Tomcat 侦听端口,并仅允许 localhost?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!