You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Johan Martinez <jm...@gmail.com> on 2010/07/09 16:38:37 UTC

securing tomcat before public internet access

Hi,

I need to allow public internet access to my tomcat server / web
application. Although it would be restricted to set of trusted IPs
initially, later it may need to be open for public access. Is there any
guide for securing tomcat setup or steps needed before allowing public
access. Right now the only change I have made is changing default
tomcat-users.xml file used for authentication. Any other suggestions or
comments?

System: CentOS 5.4, Sun JDK 1.5, Tomcat 5.5.28 running on 8080 port, also
accessible through port 80 using AJP.

Thanks you,
jM.

Re: securing tomcat before public internet access

Posted by Mark Thomas <ma...@apache.org>.

On 09/07/2010 15:38, Johan Martinez wrote:
> Hi,
> 
> I need to allow public internet access to my tomcat server / web
> application. Although it would be restricted to set of trusted IPs
> initially, later it may need to be open for public access. Is there any
> guide for securing tomcat setup or steps needed before allowing public
> access. Right now the only change I have made is changing default
> tomcat-users.xml file used for authentication. Any other suggestions or
> comments?
> 
> System: CentOS 5.4, Sun JDK 1.5, Tomcat 5.5.28 running on 8080 port, also
> accessible through port 80 using AJP.

Upgrade to 5.5.30.
Upgrade to a supported JDK.

>From Tomcat 7 but most stuff translates:
http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org