snipt

Ctrl+h for KB shortcuts

Text only

Securing the Tomcat

Tomcat uses a mechanism called valves to filter IP source addresses. A particular type of valve element called a remote address filter, can be inserted into the Tomcat processing stream to allow or deny access to the server. The remote address filter may be used in several different containers: Engine, Host, or Context.

If you wish to secure your server for localhost use only, add the following lines to the engine container. Edit the $CATALINA_HOME/conf/server.xml configuration file. Find the lines ....

<!-- Define the top level container in our container hierarchy -->
<Engine name="Catalina" defaultHost="localhost" debug="0">

Add the following statements underneath ..

<!-- Allow only localhost to access this server -->
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1,0:0:0:0:0:0:0:1%0,::1" />

For a complete description on the use of this mechanism see the Server Configuration Reference.
https://snipt.net/embed/bc167042c20ab1d689ac608ad45f7fb0/
/raw/bc167042c20ab1d689ac608ad45f7fb0/
bc167042c20ab1d689ac608ad45f7fb0
text
Text only
14
2019-06-17T10:37:03
True
False
False
/api/public/snipt/33629/
securing-the-tomcat
<table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><a href="#L-1"> 1</a> <a href="#L-2"> 2</a> <a href="#L-3"> 3</a> <a href="#L-4"> 4</a> <a href="#L-5"> 5</a> <a href="#L-6"> 6</a> <a href="#L-7"> 7</a> <a href="#L-8"> 8</a> <a href="#L-9"> 9</a> <a href="#L-10">10</a> <a href="#L-11">11</a> <a href="#L-12">12</a> <a href="#L-13">13</a></pre></div></td><td class="code"><div class="highlight"><pre><span></span><span id="L-1"><a name="L-1"></a>Tomcat uses a mechanism called valves to filter IP source addresses. A particular type of valve element called a remote address filter, can be inserted into the Tomcat processing stream to allow or deny access to the server. The remote address filter may be used in several different containers: Engine, Host, or Context. </span><span id="L-2"><a name="L-2"></a> </span><span id="L-3"><a name="L-3"></a>If you wish to secure your server for localhost use only, add the following lines to the engine container. Edit the $CATALINA_HOME/conf/server.xml configuration file. Find the lines .... </span><span id="L-4"><a name="L-4"></a> </span><span id="L-5"><a name="L-5"></a>&lt;!-- Define the top level container in our container hierarchy --&gt; </span><span id="L-6"><a name="L-6"></a>&lt;Engine name=&quot;Catalina&quot; defaultHost=&quot;localhost&quot; debug=&quot;0&quot;&gt; </span><span id="L-7"><a name="L-7"></a> </span><span id="L-8"><a name="L-8"></a>Add the following statements underneath .. </span><span id="L-9"><a name="L-9"></a> </span><span id="L-10"><a name="L-10"></a>&lt;!-- Allow only localhost to access this server --&gt; </span><span id="L-11"><a name="L-11"></a>&lt;Valve className=&quot;org.apache.catalina.valves.RemoteAddrValve&quot; allow=&quot;127.0.0.1,0:0:0:0:0:0:0:1%0,::1&quot; /&gt; </span><span id="L-12"><a name="L-12"></a> </span><span id="L-13"><a name="L-13"></a>For a complete description on the use of this mechanism see the Server Configuration Reference. </span></pre></div> </td></tr></table>
security, tomcat