Security for tomcat7
Posted by Christopher Ravnborg on 04 December 2013 11:42

By default, Tomcat servers listen on localhost, port 8005, for shutdown commands. This port is configured via the Server component's "port" attribute:

<Server port="VALUE" .../>

If your scenario allows it, setting the port to "-1" will better secure your server against unintended shutdowns. With this configuration, Tomcat can only be shut down from the terminal, by the user that owns the Tomcat process, using a "kill" command. A standard kill triggers the same graceful shutdown process as issuing the shutdown command, but in a more secure fashion.

An example could be:

<Server port="-1" shutdown="SHUTDOWN">

If you need the ability to shut down remotely, change the default shutdown command.

An example could be:

<Server port="8005" shutdown="SOMETHINGELSETHANJUSTSHUTDOWN">
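
To check an existing configuration against the advice above, the following Python sketch (an added example, not part of the original article) parses the contents of server.xml and reports whether the shutdown listener is enabled and still uses the default command. The function name and sample strings are constructed for illustration, and a missing attribute is assumed to take the default named in this article (port 8005, command SHUTDOWN).

```python
import xml.etree.ElementTree as ET

# Defaults as described in the article; assumed to apply when an attribute is omitted.
DEFAULT_PORT = "8005"
DEFAULT_COMMAND = "SHUTDOWN"


def audit_shutdown(server_xml):
    """Return a list of findings for the <Server> shutdown listener.

    server_xml is the text of a Tomcat server.xml (a trusted, local file).
    An empty list means the listener is disabled (port="-1").
    """
    root = ET.fromstring(server_xml)
    if root.tag != "Server":
        raise ValueError("root element is not <Server>")

    port = root.get("port", DEFAULT_PORT).strip()
    command = root.get("shutdown", DEFAULT_COMMAND)

    if port == "-1":
        # Listener is off, so the command string is never accepted anywhere.
        return []

    findings = ["shutdown listener enabled on port " + port]
    if command == DEFAULT_COMMAND:
        findings.append("shutdown command is the default 'SHUTDOWN'")
    return findings


if __name__ == "__main__":
    # Constructed samples mirroring the three configurations in the article.
    samples = {
        "default": '<Server port="8005" shutdown="SHUTDOWN"></Server>',
        "disabled": '<Server port="-1" shutdown="SHUTDOWN"></Server>',
        "custom command": '<Server port="8005" '
                          'shutdown="SOMETHINGELSETHANJUSTSHUTDOWN"></Server>',
    }
    for name, xml_text in samples.items():
        result = audit_shutdown(xml_text)
        print(name + ":", "; ".join(result) if result else "OK (listener disabled)")
```
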
