-
1. Re: Allow only http connector for localhost
erasmomarciano May 22, 2014 5:29 AM (in response to anuk)
Hi
Are you using standalone or domain?
Which profile are you using?
-
2. Re: Allow only http connector for localhost
anuk May 22, 2014 8:18 AM (in response to erasmomarciano)
We are using standalone.
-
3. Re: Allow only http connector for localhost
dlofthouse May 22, 2014 8:28 AM (in response to anuk)
Can you please post your standalone.xml?
I would be surprised if that version was not already listening on localhost by default, but it is such an old version that I would need to double-check the config.
-
4. Re: Allow only http connector for localhost
erasmomarciano May 22, 2014 8:30 AM (in response to anuk)
OK
You have to edit the standalone.xml and modify this tag
from
<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
        <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="unsecure">
        <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
    </interface>
</interfaces>
to
<interfaces>
    <interface name="management">
        <inet-address value="127.0.0.1"/>
    </interface>
    <interface name="public">
        <inet-address value="127.0.0.1"/>
    </interface>
    <interface name="unsecure">
        <inet-address value="127.0.0.1"/>
    </interface>
</interfaces>
Then start jboss ./standalone.sh
Let me know
-
5. Re: Allow only http connector for localhost
anuk May 22, 2014 9:18 AM (in response to dlofthouse)
We are planning to disable the http port for external access. But internally our product uses http://localhost to call a REST service. When we disable http, our product breaks. Hence we need to allow only http://localhost.
    <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
        <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" executor="http-executor" enabled="false"/>
        <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" executor="http-executor" enabled="true">
            <ssl name="ssl" password="changeit" certificate-key-file="${jboss.server.config.dir}/wfa.keystore" cipher-suite="TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" verify-client="false"/>
        </connector>
        <virtual-server name="default-host" enable-welcome-root="false">
            <alias name="localhost"/>
            <sso reauthenticate="true"/>
        </virtual-server>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:webservices:1.1">
        <modify-wsdl-address>true</modify-wsdl-address>
        <wsdl-host>jbossws.undefined.host</wsdl-host>
        <endpoint-config name="Standard-Endpoint-Config"/>
        <endpoint-config name="Recording-Endpoint-Config">
            <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
                <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
            </pre-handler-chain>
        </endpoint-config>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:weld:1.0"/>
</profile>
<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
        <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
    <interface name="unsecure">
        <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
    </interface>
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>
    <socket-binding name="ajp" port="8009"/>
    <socket-binding name="http" port="${http.port}"/>
    <socket-binding name="https" port="${https.port}"/>
    <socket-binding name="messaging" port="5445"/>
    <socket-binding name="messaging-throughput" port="5455"/>
    <socket-binding name="remoting" port="4447"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
        <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
</socket-binding-group>
-
6. Re: Allow only http connector for localhost
anuk May 22, 2014 10:33 AM (in response to erasmomarciano)
I tried the solution, but I am getting an error while trying to access localhost through http:
The server committed a protocol violation. Section=ResponseStatusLine. The server committed a protocol violation. Section=ResponseStatusLine.
-
7. Re: Allow only http connector for localhost
wdfink May 22, 2014 1:47 PM (in response to anuk)
Simple way should be to use the default configuration and add a new 'local' interface and bind the http access against it:
<interfaces>
    <!-- other unchanged -->
    <interface name="local">
        <inet-address value="127.0.0.1"/>
    </interface>
</interfaces>
.....
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <!-- other unchanged -->
    <socket-binding name="http" interface="local" port="${http.port}"/>
    <socket-binding name="https" interface="local" port="${https.port}"/>
</socket-binding-group>
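
A way to check which address each socket binding resolves to under the layout above, both with the defaults and when a property such as jboss.bind.address is set at startup. This is an added example, not part of the original posts and not JBoss code; the sample XML (including its `<server>` wrapper and namespace) and the function names are constructed for illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: the "local" interface layout in a minimal <server> wrapper.
SAMPLE = """<server xmlns="urn:jboss:domain:1.1">
  <interfaces>
    <interface name="public"><inet-address value="${jboss.bind.address:127.0.0.1}"/></interface>
    <interface name="local"><inet-address value="127.0.0.1"/></interface>
  </interfaces>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="ajp" port="8009"/>
    <socket-binding name="http" interface="local" port="${http.port}"/>
  </socket-binding-group>
</server>"""

EXPR = re.compile(r"\$\{([^:}]+)(?::([^}]*))?\}")

def resolve(value, props):
    """Expand ${name:default}; an unset name with no default resolves to None."""
    m = EXPR.fullmatch(value or "")
    return props.get(m.group(1), m.group(2)) if m else value

def effective_binds(xml_text, props=None):
    """Map each socket-binding name to the (address, port) it resolves to."""
    props = props or {}
    root = ET.fromstring(xml_text)
    # "{*}" matches the element in any namespace (Python 3.8+).
    addrs = {i.get("name"): resolve(a.get("value"), props)
             for i in root.iterfind(".//{*}interface")
             for a in i.iterfind("{*}inet-address")}
    binds = {}
    for group in root.iterfind(".//{*}socket-binding-group"):
        for sb in group.iterfind("{*}socket-binding"):
            iface = sb.get("interface", group.get("default-interface"))
            binds[sb.get("name")] = (addrs.get(iface), resolve(sb.get("port"), props))
    return binds

def exposed(binds):
    """Sorted names of bindings whose address is not provably loopback."""
    def loopback(addr):
        try:
            return ipaddress.ip_address(addr or "").is_loopback
        except ValueError:  # unresolved expression or hostname: flag for review
            return False
    return sorted(n for n, (addr, _) in binds.items() if not loopback(addr))

if __name__ == "__main__":  # bindings exposed if started with this property set
    print(exposed(effective_binds(SAMPLE, {"jboss.bind.address": "0.0.0.0"})))
```

Pass the system properties the server is actually started with as `props`; bindings that inherit the `public` interface follow jboss.bind.address, while those pinned to `local` stay on 127.0.0.1.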
-
8. Re: Allow only http connector for localhost
dlofthouse May 23, 2014 6:39 AM (in response to anuk)
Is your server accessible remotely? Unless you are passing in additional parameters to start the JBoss process, your configuration shows that you are still binding to loopback only by default.
-
9. Re: Allow only http connector for localhost
anuk May 28, 2014 12:44 AM (in response to dlofthouse)
Hi Darran
Actually we want to block external http communication and allow only internal http communication. Is it possible to do it?
-Anu
-
10. Re: Allow only http connector for localhost
anuk May 28, 2014 1:49 AM (in response to wdfink)
Thanks