2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
Many inexperienced people do not know how to carry out Tomcat security settings and version shielding, so this article summarizes the causes of the problem and the solutions. I hope it helps you solve this problem.
Apache Tomcat, usually just called Tomcat, is a free and open source Java application server from the well-known non-profit Apache Software Foundation. It implements the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. All of these specifications are developed under the JCP (Java Community Process), and Tomcat is widely used in companies large and small, such as BAT.
Tomcat is developed in an open and participatory environment under the Apache License version 2, with a large number of participants and excellent developers. The currently maintained versions are the Tomcat 7, Tomcat 8 and Tomcat 9 series. At the time of writing, the latest official versions are Tomcat 7.0.85, Tomcat 8.0.50 and Tomcat 9.0.5.
The online platform of the author's company is mainly developed in Java, so there are a large number of Tomcat servers that need security settings and version shielding. Today we introduce the security settings and version shielding of the Tomcat server.
Tomcat security configuration
1. Delete redundant projects
Remove the sample files and help files that ship with Tomcat by default, and disable the web management interface (some automated deployment setups may need it, so configure this according to your actual situation).
This mainly means deleting all non-project directories under the webapps directory (ROOT, docs, examples, manager and host-manager, as they are named in a default Tomcat install).
2. Disable the Tomcat shutdown port
This port accepts a local command that stops the Tomcat server. We can configure Tomcat to disable it before the port is opened, as follows:
Configure the conf/server.xml file and change the SHUTDOWN port to -1.
3. Disable directory listing
Configure the conf/web.xml file so that Tomcat does not list all files in a directory when the directory is accessed directly and no default home page is found. Note that listing is disabled by default.
4. Disable AJP
Configure the conf/server.xml file and comment out or delete the following section:
Modified to:
5. Start Tomcat with reduced privileges
Be careful not to start Tomcat as the root user, which is very dangerous! It's dangerous! It's dangerous! Important things are worth saying three times. If you have already started it as root, perform the following steps to harden it:
kill -9 pid
(stop Tomcat first; be careful not to affect the business.)
useradd tomcat
Change the owner of the Tomcat directory (replace the directory with the actual project directory)
chown -R tomcat:tomcat /<tomcat directory>/apache_tomcat
su tomcat
bin/startup.sh
Tomcat version information shielding
To hide the Tomcat version information, we have to change it in two places. Suppose we want to change the Tomcat version information to FC CDN Server and pretend to be a CDN server to bluff people (don't spread it widely).
1. Custom server version information in ServerInfo.properties
This version information mainly appears on web error pages and similar output.
Modify org/apache/catalina/util/ServerInfo.properties; if the file does not exist, create it first.
server.info=FC CDN Server
2. Custom server version information in server.xml
This version information mainly appears in the HTTP response header.
Modify the conf/server.xml file
Find this passage:
Modified to:
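An added example, not part of the original article or of Tomcat's own tooling: a Python check that audits server.xml and web.xml for steps 2 to 4 and for the response-header setting. The XML samples are constructed, the function names are hypothetical, and the Connector `server` attribute is an assumption about what the article's missing snippet set.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml hardened the way the article describes.
HARDENED_SERVER_XML = """<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" server="FC CDN Server"/>
  </Service>
</Server>"""

# Constructed sample: shutdown port open, AJP enabled, no server attribute.
WEAK_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>"""

# Constructed sample: DefaultServlet with directory listings switched on.
WEAK_WEB_XML = """<web-app><servlet>
  <servlet-name>default</servlet-name>
  <init-param><param-name>listings</param-name>
    <param-value>true</param-value></init-param>
</servlet></web-app>"""

def audit_server_xml(text):
    """Return findings for steps 2 and 4 and the Server header setting."""
    root = ET.fromstring(text)
    findings = []
    if root.get("port") != "-1":
        findings.append("shutdown port is open: " + str(root.get("port")))
    for conn in root.iter("Connector"):
        proto = conn.get("protocol", "HTTP/1.1")
        if "ajp" in proto.lower():  # matches AJP/1.3 and Ajp*Protocol class names
            findings.append("AJP connector enabled on port " + str(conn.get("port")))
        elif not conn.get("server"):  # assumed attribute for the Server header
            findings.append("no server attribute on connector " + str(conn.get("port")))
    return findings

def audit_web_xml(text):
    """Return a finding if any servlet sets listings=true (step 3)."""
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]  # drop the XML namespace if present
    for param in root.iter("init-param"):
        if (param.findtext("param-name", "").strip() == "listings"
                and param.findtext("param-value", "").strip().lower() == "true"):
            return ["directory listing is enabled"]
    return []
```

To audit a real install, pass the contents of conf/server.xml and conf/web.xml to the two functions; an empty list means the check passed.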
After reading the above, have you mastered how to configure Tomcat security settings and how to hide the version? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel. Thank you for reading!