How to block access to Tomcat listening port, and allow localhost only?

You can block a port using iptables, which is quite secure considering it's on the OS level:

iptables -A INPUT -p tcp --dport 8080 -j DROP

Or you can comment out the 8080 connector in Tomcat’s configuration (in server.xml):

<!--
<Connector port="8080" …
    />
-->

Or you can just limit access to localhost (in case you want to use the manager app, etc.):

<Connector port="8080" address="127.0.0.1" maxHttpHeaderSize="8192" />

(don’t forget to restart tomcat afterwards).


Just for completeness, you might want to configure the AJP Connector in a similar way, or disable it in server.xml.
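The answer above lists three ways to keep Tomcat off the network: a firewall rule, removing the connector, or binding it to 127.0.0.1. A practical check is to audit server.xml for every connector (HTTP and AJP alike) that is not explicitly bound to a loopback address, and to derive the matching OS-level rules from the result. The script below is an added example, not code from the original answer or from Tomcat: it parses a constructed server.xml with the standard library, flags exposed connectors, and emits iptables commands that accept loopback traffic before dropping the port, so that local clients such as the manager app keep working. The sample ports, the `audit_connectors`, `exposed_ports` and `iptables_rules` names, and the rule ordering are this example's own choices.

```python
"""Audit a Tomcat server.xml for connectors reachable from outside localhost.

Added example (not part of the original answer). It lists every active
<Connector>, marks the ones not bound to a loopback address, and prints
iptables rules restricting the exposed ports to localhost at the OS level.
"""
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample server.xml (not a real deployment): an HTTP connector
# with no address attribute (Tomcat then listens on all interfaces), an AJP
# connector bound to all interfaces, an HTTP connector correctly bound to
# loopback, and one connector commented out. The XML parser drops the
# comment, just as Tomcat ignores a commented-out connector.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"/>
    <Connector port="8081" address="127.0.0.1" maxHttpHeaderSize="8192"/>
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"/>
    -->
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""


def audit_connectors(xml_text):
    """Return one dict per active <Connector>, in document order, with an
    'exposed' flag.

    A connector is treated as exposed when its address attribute is missing
    (an HTTP connector then binds to all interfaces; we flag a missing
    address conservatively for AJP too, since an explicit loopback binding
    is what we want to see) or names a non-loopback address.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for conn in root.iter("Connector"):
        address = conn.get("address")  # None means "not explicitly bound"
        protocol = conn.get("protocol", "HTTP/1.1")  # Tomcat's default protocol
        findings.append({
            "port": conn.get("port"),
            "protocol": protocol,
            "address": address,
            "exposed": address is None or address not in LOOPBACK,
        })
    return findings


def exposed_ports(xml_text):
    """Ports of connectors that are not bound to a loopback address."""
    return [f["port"] for f in audit_connectors(xml_text) if f["exposed"]]


def iptables_rules(ports):
    """iptables commands restricting the given TCP ports to localhost.

    The loopback ACCEPT is inserted at position 1 so that the DROP rules that
    follow do not also cut off clients running on the machine itself.
    """
    rules = ["iptables -I INPUT 1 -i lo -j ACCEPT"]
    for port in ports:
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        state = "EXPOSED" if f["exposed"] else "localhost only"
        print(f"port {f['port']:>5} {f['protocol']:<9} "
              f"address={str(f['address']):<10} {state}")
    print()
    for rule in iptables_rules(exposed_ports(SAMPLE_SERVER_XML)):
        print(rule)
```

Run it against a real server.xml by replacing `SAMPLE_SERVER_XML` with the file's contents; the printed iptables lines are meant to be reviewed and applied by hand, and the loopback ACCEPT must stay ahead of the DROP rules or the manager app on localhost will be blocked along with everything else.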