Hi, I need to allow public internet access to my tomcat server / web application. Although it would be restricted to set of trusted IPs initially, later it may need to be open for public access. Is there any guide for securing tomcat setup or steps needed before allowing public access. Right now the only change I have made is changing default tomcat-users.xml file used for authentication. Any other suggestions or comments?
System: CentOS 5.4, Sun JDK 1.5, Tomcat 5.5.28 running on 8080 port, also accessible through port 80 using AJP. Thanks you, jM.
