如何阻止访问 Tomcat 侦听端口，并仅允许 localhost? [英] How to block access to Tomcat listening port, and allow localhost only?

问题描述

我有一个应用程序在 Tomcat 上运行并监听端口 8080.我在 Apache 级别 (httpd) 上进行了重定向更改，以使我的用户能够仅键入 http://app而不是 http://app:8080.

I have an application running on Tomcat and listening on port 8080. I made the redirect changes on the Apache level (httpd) to provide my users with the ability to only type http://app instead of http://app:8080.

现在我想阻止对http://app:8080的访问，这样用户将无法访问http://app:8080.

Now I want to block access completely to http://app:8080, so users won't be able to reach http://app:8080.

我该怎么做?

推荐答案

您可以使用 iptables 阻止端口，考虑到它在操作系统级别，这是非常安全的:

You can block a port using iptables, which is quite secure considering it's on OS level:

iptables -A INPUT/ -p tcp --dport 8080 -j DROP

或者你可以在tomcat的配置中(在server.xml中)注释8080连接器:

Or you can comment the 8080 connector in tomcat’s configuration (in server.xml):

<!--
<Connector port="8080" …
    />
-->

或者您可以只限制对本地主机的访问(以防您想使用管理器应用程序等):

Or you can just limit access to localhost (in case you want to use the manager app, etc.):

<Connector port="8080" address="127.0.0.1" maxHttpHeaderSize="8192" />

(之后不要忘记重启tomcat).

(don’t forget to restart tomcat afterwards).

这篇关于如何阻止访问 Tomcat 侦听端口，并仅允许 localhost?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！