开发者

How to configure Jetty server to forbid connections external to the web-app development server?

开发者 https://www.devze.com 2023-03-03 08:51 出处:网络
I\'m developing a Java web application using Jetty as the application server on a Windows 7 machine and running it on localhost:8080.

I'm developing a Java web application using Jetty as the application server on a Windows 7 machine and running it on localhost:8080.

For security purposes - to make sure my app is not visible to others - I want to be sure that it is binding to localhost:8080 (i.e., 127.0.0.1), not all interfaces (which I'm told is probably the default).

I've read that if you only bind to 127.0.0.1, the port will not be open for people scanning your external IP address and so the app will essentially be invisible except to me while I'm developing (while working on a laptop in a coffee shop, for example).

What I don't know is how to do this in Jetty.

I've heard that server programs usually have an option to say which IP addresses to bind.

So I tried adding the following jetty-web.xml to my web app's WEB-INF directory but I can't tell if it had an effect or not. Both before and after adding this, netstat -an says that it is LISTENING on 8080:

<?xml version="1.0"  encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">

<Configure class="org.mortbay.jetty.servlet.WebApplicationContext">

    <!-- Uncomment to restrict context by real host -->
    <Set name="Hosts">
      <Array type="java.lang.String">
        <Item>127.0.0.1&l开发者_如何学编程t;/Item>
      </Array>
    </Set>  


    <!-- uncomment to map context by virtual host.
    <Set name="virtualHosts">
      <Array type="java.lang.String">
        <Item></Item>
        <Item>127.0.0.1</Item>
        <Item>localhost</Item>
        <Item>www.acme.com</Item>
      </Array>
    </Set>
    -->

</Configure>


A better way to address this is with a firewall in your OS. If you don't want people connecting from externally to port 8080, then block it in the firewall. If you are running services on your laptop and using it in an untrusted network anyway, I hope you would be using a firewall to prevent access you don't intend. This way you can block access in one place rather than in the configuration for each and every application that listens on a port.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号