Re: Tomcat 8.5 disabling port 80 listening

2020-01-29 Thread Christopher Schultz

Nitin,

On 1/29/20 10:49 AM, Nitin Kadam wrote:
> I have a tomcat 8.5 server configured in the production
> environment. As per requirement, we need to disable all 80 port
> listening from the application and only https (443) to be allowed.

Requirements are requirements, but this one is a bad idea.

https://scotthelme.co.uk/why-closing-port-80-is-bad-for-security/

> I have implemented SSL and the same is working fine. however,
> still, tomcat is showing listening on 80. so can we disable
> (comment ) port 80 connector from server.xml which will only allow
> access to the portal with Https.
> 
> From :  connectionTimeout="2" redirectPort="443" /> To : 

Did you restart Tomcat?

Since you are binding to port 80, I have to ask if you are running as
root. If you have a "security" requirement for closing port 80, you
have a MUCH MORE URGENT SECURITY REQUIREMENT TO NOT RUN AS root.

-chris



RE: Tomcat 8.5 disabling port 80 listening

2020-01-29 Thread jonmcalexander
>> -Original Message-
>> From: Nitin Kadam  
>> Sent: Wednesday, January 29, 2020 9:50 AM
>> To: Tomcat Users List
>> Subject: Tomcat 8.5 disabling port 80 listening

>> Hi Team,

>> I have a tomcat 8.5 server configured in the production environment. As per 
>> requirement, we need to disable all 80 port listening from the application 
>> and only https (443) to be allowed.

>> I have implemented SSL and the same is working fine. however, still, tomcat 
>> is showing listening on 80. so can we disable (comment ) port 80 connector 
>> from  server.xml which will only allow access to the portal with Https.
>>
>>
>> From :
>>  >connectionTimeout="2"
>>redirectPort="443" />
>> To :
>> 
>> --
>> Regards
>> Nitin Kadam

By all means, yes. :-)


Jon McAlexander




Tomcat 8.5 disabling port 80 listening

2020-01-29 Thread Nitin Kadam
Hi Team,

I have a tomcat 8.5 server configured in the production environment. As per
requirement, we need to disable all 80 port listening from the application
and only https (443) to be allowed.

I have implemented SSL and the same is working fine. However, still, Tomcat
is showing listening on 80. So can we disable (comment) port 80 connector
from server.xml which will only allow access to the portal with HTTPS?


From :
 
To :

-- 
Regards
Nitin Kadam
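
Added example, not part of the original thread and not Tomcat's own tooling: a Python check that parses a server.xml and lists the connectors that remain active after the edit discussed in this thread, flagging plain-HTTP listeners and ports below 1024 (the root concern raised in the first reply). The sample file and the function names are constructed for illustration, and the privileged-port note assumes a Unix-like host with the default threshold of 1024.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the poster's file: the port 80 connector is
# commented out and only a TLS connector on 443 remains active.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!--
    <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
    -->
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""


def audit_connectors(server_xml_text):
    """Return one dict per active <Connector>; commented-out ones are not parsed."""
    root = ET.fromstring(server_xml_text)
    findings = []
    for conn in root.iter("Connector"):
        raw = conn.get("port", "")
        port = int(raw) if raw.isdigit() else None  # e.g. ${...} placeholders
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        protocol = conn.get("protocol", "HTTP/1.1")
        notes = []
        if not tls and "ajp" not in protocol.lower():
            notes.append("plain HTTP listener")
        if port is not None and 0 < port < 1024:
            notes.append("privileged port: check which user the JVM runs as")
        findings.append({"port": port, "tls": tls, "protocol": protocol, "notes": notes})
    return findings


def plain_http_ports(server_xml_text):
    """Ports that would still accept unencrypted HTTP once Tomcat loads this file."""
    return [f["port"] for f in audit_connectors(server_xml_text)
            if "plain HTTP listener" in f["notes"]]


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        print(f["port"], "TLS" if f["tls"] else "no TLS", "; ".join(f["notes"]))
```

This reads the configuration file only; a running Tomcat keeps its existing listeners until it is restarted.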