Nitin,

On 1/29/20 10:49 AM, Nitin Kadam wrote:
> I have a tomcat 8.5 server configured in the production
> environment. As per requirement, we need to disable all 80 port
> listening from the application and only https (443) to be allowed.

Requirements are requirements, but this one is a bad idea.

https://scotthelme.co.uk/why-closing-port-80-is-bad-for-security/

> I have implemented SSL and the same is working fine. However,
> Tomcat is still showing as listening on 80. So can we disable
> (comment) the port 80 connector from server.xml, which will only allow
> access to the portal with HTTPS?
> 
> From : <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
> To : <!-- <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" /> -->

Did you restart Tomcat?

Since you are binding to port 80, I have to ask if you are running as
root. If you have a "security" requirement for closing port 80, you
have a MUCH MORE URGENT SECURITY REQUIREMENT TO NOT RUN AS root.

-chris
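
An added example, not part of the original message or of Tomcat itself: a small Python check of which <Connector> elements in a server.xml are actually active (commented-out ones are dropped by the XML parser), which of them bind a port below 1024 (the ports that normally need root or an equivalent privilege, 443 included), and whether each non-TLS connector's redirectPort points at a TLS connector. The sample server.xml and the function name audit_connectors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the port-80 connector is commented out, a TLS connector
# listens on 443, and a leftover non-TLS connector is still active on 8080.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!--
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="443" />
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" />
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return (connectors, findings) for the active <Connector> elements."""
    root = ET.fromstring(server_xml)  # XML comments never reach the tree
    connectors = []
    for c in root.iter("Connector"):
        if c.get("port") is None:
            continue  # nothing to check without an explicit port
        connectors.append({
            "port": int(c.get("port")),
            "tls": c.get("SSLEnabled", "false").lower() == "true",
            "redirect": c.get("redirectPort"),
        })
    tls_ports = {c["port"] for c in connectors if c["tls"]}
    findings = []
    for c in connectors:
        if c["port"] < 1024:
            findings.append(f"port {c['port']}: privileged port, check Tomcat is not running as root")
        if not c["tls"]:
            findings.append(f"port {c['port']}: non-TLS connector is active")
            if c["redirect"] and int(c["redirect"]) not in tls_ports:
                findings.append(f"port {c['port']}: redirectPort {c['redirect']} has no TLS connector")
    return connectors, findings


if __name__ == "__main__":
    for line in audit_connectors(SAMPLE_SERVER_XML)[1]:
        print(line)
```

Tomcat reads server.xml only at startup, so this reports what the next restart will bind, not what the running process is listening on.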
