Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to configure tomcat security in the case of linux. The article is rich in content and analyzes and describes it from a professional point of view. I hope you can get something after reading this article.

0x01 deletes the default directory

After installing tomcat, delete all default directory files rm-rf / srv/apache-tomcat/webapps/* under $CATALINA_HOME/webapps

0x02 user Management

If you do not need to deploy applications through web, it is recommended to annotate or delete the configuration related to user rights under tomcat-users.xml.

Method 1 of hiding tomcat version information by 0x03

Modify $CATALINA_HOME/conf/server.xml to add the server field to the Connector node. The example is as follows

Method two

Modify $CATALINA_HOME/lib/catalina.jar::org/apache/catalina/util/ServerInfo.properties by default as shown in the figure

Users can customize and modify the server.info field and server.number field, as shown in the following figure.

0x04 turns off automatic deployment

If automatic deployment is not required, it is recommended that you turn off the automatic deployment feature.

In the host field in $CATALINA_HOME/conf/server.xml, modify unpackWARs= "false" autoDeploy= "false".

0x05 Custom error Page

Modify web.xml, customize 40x, 50x and other fault-tolerant pages to prevent information disclosure.

0x06 forbids column directories (higher version is prohibited by default)

Modify web.xml

0x07 AJP Port Management

AJP is a protocol customized for communication between Tomcat and HTTP server, which can provide high communication speed and efficiency.

If the front end of the tomcat is apache, the connector AJP will be used.

The front end does not need to use this connector if it is a reverse proxy done by nginx, so you need to unregister the connector.

Access control of 0x08 service

Tomcat starts with non-root permissions, and the application deployment directory permissions are separated from the tomcat service startup users, for example, tomcat is started as a tomcat user, while the deployed application directory is set to nobody user 750.

0x09 enables the HttpOnly property of cookie

Modify $CATALINA_HOME/conf/context.xml and add, as shown in the following figure

Test result

Configure the secure property of cookie, and the sesion-config node configures cooker-config in web.xml, which only allows cookie to transmit in encrypted mode.

Test result

The above is the editor for you to share how to configure tomcat security in the case of linux. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.