How to secure Jetty to only allow access from loopback(localhost)
Solution 1
I have not tried this but the usual method is to bind server to localhost (i.e. to IP 127.0.0.1). That means that Jetty server will listen to only connections that have localhost as their destination address.
A quick googling revealed this http://old.nabble.com/How-to-make-Jetty-bind-to-specific-IP-address---to11667378.html#a11669524 :
add this entry to SelectChannelConnector for example:
<Set name="Host">127.0.0.1</Set>
Solution 2
I found the answer to my question myself after a little bit more googling.
The answer is (Tested on jetty-distribution-7.0.1.v20091125):
- Locate jetty.xml (etc/jetty.xml)
- Search for
<Call name="addConnector">
- Set
<Set name="Host"><SystemProperty name="jetty.host" default="127.0.0.1"/></Set>
before line<Set name="port"><SystemProperty name="jetty.port"/></Set>
- That's it. Restart jetty server (
java -jar start.jar
). The server should output something like:
2009-12-23 23:02:09.291:INFO::Started [email protected]:8080
The import thing is that it should say 127.0.0.1 instead of 0.0.0.0, 0.0.0.0 means listen on all ips on the machine.
P.S: I wanted to secure apache solr (which is using jetty) which can be achieved in the same way.
You can also bind to localhost programmatically(embed jetty) by:
Server server = new Server();
Connector connector = new SelectChannelConnector();
connector.setHost("localhost");
connector.setPort(80);
server.addConnector(connector);
Solution 3
For Jetty 9 embedded, this code works.
Server server = new Server();
ServerConnector connector=new ServerConnector(server);
connector.setPort(80);
connector.setHost("localhost");
server.setConnectors(new Connector[]{connector});
Solution 4
You can set the jetty.host
property during start of the virtual machine:
java -Djetty.host=127.0.0.1 -jar start.jar
Btw same for jetty.port
.
Solution 5
I was able to do this using .htaccess but for some reason the localhost filtering does not work. If you want to allow traffic from a particular external IP and block all others try
http://technologyenablingbusiness.blogspot.com/2011/03/setting-security-in-solr-running-on.html
EDIT: Archived version of page at https://web.archive.org/web/20110429184536/http://technologyenablingbusiness.blogspot.com/2011/03/setting-security-in-solr-running-on.html
Alfred
Updated on August 10, 2020Comments
-
Alfred almost 4 years
How can I secure jetty to only allow connections from localhost? This means a connection to server A on System A from Client B on System B has to fail. I know I can do this by configuring my firewall (so please no answers about this). I just want Jetty to only listen on localhost(loopback).