How to block access to Tomcat listening port, and allow localhost only?

tomcat access-control
nav.jdwdw picture nav.jdwdw · Jul 24, 2011 · Viewed 29.8k times · Source

I have an application running on Tomcat and listening on port 8080. I made the redirect changes on the Apache level (httpd) to provide my users with the ability to only type http://app instead of http://app:8080.

Now I want to block access completely to http://app:8080, so users won't be able to reach http://app:8080.

How do I do that?

Answer

Will picture Will · Jul 25, 2011

You can block a port using iptables, which is quite secure considering it's on OS level:

iptables -A INPUT/ -p tcp --dport 8080 -j DROP

Or you can comment the 8080 connector in tomcat’s configuration (in server.xml):

<!--
<Connector port="8080" …
    />
-->

Or you can just limit access to localhost (in case you want to use the manager app, etc.): 

<Connector port="8080" address="127.0.0.1" maxHttpHeaderSize="8192" />

(don’t forget to restart tomcat afterwards).

Related questions

How can I restrict access to certain URLs by source IP in Tomcat?

I want to restrict access to certain URLs in my Tomcat webapp. Only 3 known IP addresses should be allowed access to URLs that fit a certain pattern. e.g. http://example.com:1234/abc/personId How can I achieve this?

Read More
How to deploy a war file in Tomcat 7

I have copied the sample.war file into the webapps directory of Tomcat, and I can access localhost:8080. Now how will Tomcat deploy it, I mean do I need to open it in browser? How can I access the application?

Read More
Several ports (8005, 8080, 8009) required by Tomcat Server at localhost are already in use

I'm getting the following error when I try to run a simple JSP program on Tomcat in Eclipse. Several ports (8005, 8080, 8009) required by Tomcat v6.0 Server at localhost are already in use. The server may already be running in another process, …

Read More