How to secure Jetty to only allow access from loopback(localhost)
How can I secure jetty to only allow connections from localhost? This means a connection to server A on System A from Client B on System B has to fail. I know I can do this by configuring my firewall (so please no answers about this). I just want Jetty to only listen on localhost(loopback).
Answer
I found the answer to my question myself after a little bit more googling.
The answer is (Tested on jetty-distribution-7.0.1.v20091125):
- Locate jetty.xml (etc/jetty.xml)
- Search for
<Call name="addConnector"> - Set
<Set name="Host"><SystemProperty name="jetty.host" default="127.0.0.1"/></Set>before line<Set name="port"><SystemProperty name="jetty.port"/></Set> - That's it. Restart jetty server (
java -jar start.jar). The server should output something like:
2009-12-23 23:02:09.291:INFO::Started [email protected]:8080
The import thing is that it should say 127.0.0.1 instead of 0.0.0.0, 0.0.0.0 means listen on all ips on the machine.
P.S: I wanted to secure apache solr (which is using jetty) which can be achieved in the same way.
You can also bind to localhost programmatically(embed jetty) by:
Server server = new Server();
Connector connector = new SelectChannelConnector();
connector.setHost("localhost");
connector.setPort(80);
server.addConnector(connector);