tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lapo TIN" <>
Subject tomcat and security
Date Thu, 12 May 2005 15:10:14 GMT
I would like to "limit" tomcat features as much as possible for avoiding undesiderables external
accesses to the web server.
I want that only 2 servlets have to run on HTTPS, port 8443.
And these two servlets are simply replying to a GET with a static XML. Nothing more.
I define the ssl connector listening on port 8443, and create the 2 servlets.
Everything is running well, 
soo my intent is to close every other possibility of access (such as HTTP on 8080, manager
and admin from outside, etc...)

Is there a "list" somewhere of "tips of security" of tomcat ?
Or do you have any suggestion ?
thanks in advance.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message