
How to configure Jetty server to forbid connections external to the web-app development server?

I'm developing a Java web application using Jetty as the application server on a Windows 7 machine and running it on localhost:8080.

For security purposes - to make sure my app is not visible to others - I want to be sure that it is binding to localhost:8080 (i.e., 127.0.0.1), not all interfaces (which I'm told is probably the default).

I've read that if you only bind to 127.0.0.1, the port will not be open for people scanning your external IP address and so the app will essentially be invisible except to me while I'm developing (while working on a laptop in a coffee shop, for example).

What I don't know is how to do this in Jetty.

I've heard that server programs usually have an option to say which IP addresses to bind.

So I tried adding the following jetty-web.xml to my web app's WEB-INF directory but I can't tell if it had an effect or not. Both before and after adding this, netstat -an says that it is LISTENING on 8080:

<?xml version="1.0"  encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">

<Configure class="org.mortbay.jetty.servlet.WebApplicationContext">

    <!-- Uncomment to restrict context by real host -->
    <Set name="Hosts">
      <Array type="java.lang.String">
        <Item>127.0.0.1</Item>
      </Array>
    </Set>  


    <!-- uncomment to map context by virtual host.
    <Set name="virtualHosts">
      <Array type="java.lang.String">
        <Item></Item>
        <Item>127.0.0.1</Item>
        <Item>localhost</Item>
        <Item>www.acme.com</Item>
      </Array>
    </Set>
    -->

</Configure>


A better way to address this is with a firewall in your OS. If you don't want people connecting externally to port 8080, then block it in the firewall. If you are running services on your laptop and using it in an untrusted network anyway, I hope you would be using a firewall to prevent access you don't intend. This way you can block access in one place rather than in the configuration for each and every application that listens on a port.
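
An added example, not part of the original question or answer: `netstat -an` reports LISTENING whether a socket is bound to every interface or only to loopback, so the Local Address column is what tells the two apart. The sketch below parses Windows-format `netstat -an` output and classifies each listener on a port; the sample text and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -an` output (not from the original post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8081         0.0.0.0:0              LISTENING
  TCP    192.168.1.23:8082      0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8080         127.0.0.1:49731        ESTABLISHED
  TCP    [::]:8080              [::]:0                 LISTENING
  TCP    [::1]:8083             [::]:0                 LISTENING
"""

# Proto, local address:port, foreign address, state (Windows column order).
LISTEN_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)

def classify(addr):
    """Map a local address to the exposure it implies."""
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    if ip.is_unspecified:        # 0.0.0.0 or [::] means every interface
        return "all-interfaces"
    if ip.is_loopback:           # 127.0.0.0/8 or [::1]
        return "loopback-only"
    return "single-interface"    # bound to one specific non-loopback address

def listeners(netstat_text, port):
    """Return sorted (local_address, exposure) pairs for LISTENING TCP sockets on port."""
    found = set()
    for line in netstat_text.splitlines():
        m = LISTEN_LINE.match(line)
        if m and int(m.group(2)) == port:
            found.add((m.group(1), classify(m.group(1))))
    return sorted(found)

def reachable_from_network(netstat_text, port):
    """True if any listener on port is bound to something other than loopback."""
    return any(kind != "loopback-only" for _, kind in listeners(netstat_text, port))

if __name__ == "__main__":
    for port in (8080, 8081, 8082, 8083):
        print(port, listeners(SAMPLE_NETSTAT, port),
              "EXPOSED" if reachable_from_network(SAMPLE_NETSTAT, port) else "local only")
```

To use it on a real machine, pass the captured text of `netstat -an` in place of `SAMPLE_NETSTAT`.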
