In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >
Share
Shulou(Shulou.com)06/01 Report--
In this issue, the editor will bring you about how to configure tomcat security in the case of linux. The article is rich in content and analyzes and describes it from a professional point of view. I hope you can get something after reading this article.
0x01 deletes the default directory
After installing tomcat, delete all default directory files rm-rf / srv/apache-tomcat/webapps/* under $CATALINA_HOME/webapps
0x02 user Management
If you do not need to deploy applications through web, it is recommended to annotate or delete the configuration related to user rights under tomcat-users.xml.
Method 1 of hiding tomcat version information by 0x03
Modify $CATALINA_HOME/conf/server.xml to add the server field to the Connector node. The example is as follows
Method two
Modify $CATALINA_HOME/lib/catalina.jar::org/apache/catalina/util/ServerInfo.properties by default as shown in the figure
Users can customize and modify the server.info field and server.number field, as shown in the following figure.
0x04 turns off automatic deployment
If automatic deployment is not required, it is recommended that you turn off the automatic deployment feature.
In the host field in $CATALINA_HOME/conf/server.xml, modify unpackWARs= "false" autoDeploy= "false".
0x05 Custom error Page
Modify web.xml, customize 40x, 50x and other fault-tolerant pages to prevent information disclosure.
0x06 forbids column directories (higher version is prohibited by default)
Modify web.xml
0x07 AJP Port Management
AJP is a protocol customized for communication between Tomcat and HTTP server, which can provide high communication speed and efficiency.
If the front end of the tomcat is apache, the connector AJP will be used.
The front end does not need to use this connector if it is a reverse proxy done by nginx, so you need to unregister the connector.
Access control of 0x08 service
Tomcat starts with non-root permissions, and the application deployment directory permissions are separated from the tomcat service startup users, for example, tomcat is started as a tomcat user, while the deployed application directory is set to nobody user 750.
0x09 enables the HttpOnly property of cookie
Modify $CATALINA_HOME/conf/context.xml and add, as shown in the following figure
Test result
Configure the secure property of cookie, and the sesion-config node configures cooker-config in web.xml, which only allows cookie to transmit in encrypted mode.
Test result
The above is the editor for you to share how to configure tomcat security in the case of linux. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.