Tomcat Behind Proxy: How to Block Direct Access

January 14th, 2014

As discussed in my last post, after installing and configuring Nginx as the reverse proxy server for Tomcat, it's necessary to block remote access to the original port served by Tomcat. iptables is a good solution for this. A simpler solution is to change one line in the Tomcat server configuration file so that Tomcat accepts only requests from the local host.

With Tomcat 7 on Ubuntu, the configuration file is /var/lib/tomcat7/conf/server.xml. Just add address=”″ into the related Connector section as follows:

Linux Firewall with iptables Command

January 12th, 2014

After proxying a service with Nginx, it's always a good idea to block the service from direct remote access. For example, suppose you have a Tomcat server running on port 8080, and you've configured Nginx to proxy requests from port 80 to port 8080. Port 8080 should then be blocked from any host except localhost.

One way to do this on Linux is to install iptables. On Ubuntu, issue the following commands to install it and add rules: