10 Replies Latest reply on May 28, 2014 1:49 AM by anuk

    Allow only http connector for localhost

    anuk

      Hi All,

        I want to enable http connector only for localhost. In all other cases it should be disabled. Is there a way to do it in jboss 7.1.1?

       

      Thanks and Regards

      Anu

        • 1. Re: Allow only http connector for localhost
          erasmomarciano

          Hi

           

          Are you using standalone or domain?

          Which profile are you using?

          • 2. Re: Allow only http connector for localhost
            anuk

            We are using standalone.

            • 3. Re: Allow only http connector for localhost
              dlofthouse

              Can you please post your standalone.xml?

               

              I would be surprised if that version was not already listening on localhost by default, but it is such an old version I would need to double check the config.

              • 4. Re: Allow only http connector for localhost
                erasmomarciano

                OK

                You have to edit the standalone.xml and modify this tag

                from

                   <interfaces>

                        <interface name="management">

                            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>

                        </interface>

                        <interface name="public">

                            <inet-address value="${jboss.bind.address:127.0.0.1}"/>

                        </interface>

                        <interface name="unsecure">

                            <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>

                        </interface>

                    </interfaces>

                to

                 

                   <interfaces>

                        <interface name="management">

                            <inet-address value="127.0.0.1"/>

                        </interface>

                        <interface name="public">

                            <inet-address value="127.0.0.1"/>

                        </interface>

                        <interface name="unsecure">

                            <inet-address value="127.0.0.1"/>

                        </interface>

                    </interfaces>

                 

                Then start jboss ./standalone.sh

                Let me know

                1 of 1 people found this helpful
                • 5. Re: Allow only http connector for localhost
                  anuk

                  We are planning to disable http port for external access. But in our product internally we are using http://localhost to call rest service. When we disable http, our product is breaking. Hence need to allow only http://localhost.

                       <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">

                              <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" executor="http-executor" enabled="false"/>

                              <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" executor="http-executor" enabled="true">

                                  <ssl name="ssl" password="changeit" certificate-key-file="${jboss.server.config.dir}/wfa.keystore" cipher-suite="TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" verify-client="false"/>

                              </connector>

                              <virtual-server name="default-host" enable-welcome-root="false">

                                  <alias name="localhost"/>

                                  <sso reauthenticate="true"/>

                              </virtual-server>

                          </subsystem>

                          <subsystem xmlns="urn:jboss:domain:webservices:1.1">

                              <modify-wsdl-address>true</modify-wsdl-address>

                              <wsdl-host>jbossws.undefined.host</wsdl-host>

                              <endpoint-config name="Standard-Endpoint-Config"/>

                              <endpoint-config name="Recording-Endpoint-Config">

                                  <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">

                                      <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>

                                  </pre-handler-chain>

                              </endpoint-config>

                          </subsystem>

                          <subsystem xmlns="urn:jboss:domain:weld:1.0"/>

                      </profile>

                   

                   

                      <interfaces>

                          <interface name="management">

                              <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>

                          </interface>

                          <interface name="public">

                              <inet-address value="${jboss.bind.address:127.0.0.1}"/>

                          </interface>

                          <interface name="unsecure">

                              <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>

                          </interface>

                      </interfaces>

                   

                   

                      <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

                          <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>

                          <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>

                          <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>

                          <socket-binding name="ajp" port="8009"/>

                          <socket-binding name="http" port="${http.port}"/>

                          <socket-binding name="https" port="${https.port}"/>

                          <socket-binding name="messaging" port="5445"/>

                          <socket-binding name="messaging-throughput" port="5455"/>

                          <socket-binding name="remoting" port="4447"/>

                          <socket-binding name="txn-recovery-environment" port="4712"/>

                          <socket-binding name="txn-status-manager" port="4713"/>

                          <outbound-socket-binding name="mail-smtp">

                              <remote-destination host="localhost" port="25"/>

                          </outbound-socket-binding>

                      </socket-binding-group>

                  • 6. Re: Allow only http connector for localhost
                    anuk

                    I tried the solution, but I am getting an error while trying to access localhost through http:

                    The server committed a protocol violation. Section=ResponseStatusLine. The server committed a protocol violation. Section=ResponseStatusLine.

                    • 7. Re: Allow only http connector for localhost
                      wdfink

                      Simple way should be to use the default configuration and add a new 'local' interface and bind the http access against it

                       

                         <interfaces>

                               <!-- other unchanged -->

                              <interface name="local">

                                  <inet-address value="127.0.0.1"/>

                              </interface>

                          </interfaces>

                      .....

                      <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

                             <!-- other unchanged -->

                       

                              <socket-binding name="http" interface="local" port="${http.port}"/>

                              <socket-binding name="https" interface="local" port="${https.port}"/>

                      </socket-binding-group>

                      • 8. Re: Allow only http connector for localhost
                        dlofthouse

                        Is your server accessible remotely?  Unless you are passing in additional parameters to start the JBoss process your configuration shows that you are still binding to loopback only by default.
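
A way to check what replies 7 and 8 describe: which address each socket binding ends up on once `${property:default}` expressions are resolved. This is an added example, not code from any poster or from JBoss. The sample XML is constructed from the thread's fragments with only `http` moved to the `local` interface, and the port values used with it are assumptions. It assumes interfaces use literal `inet-address` values and ignores `port-offset`.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: the thread's default 'public' interface plus the 'local'
# interface from reply 7, with only the http binding moved onto 'local'.
SAMPLE = """<server>
  <interfaces>
    <interface name="public"><inet-address value="${jboss.bind.address:127.0.0.1}"/></interface>
    <interface name="local"><inet-address value="127.0.0.1"/></interface>
  </interfaces>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="http" interface="local" port="${http.port}"/>
    <socket-binding name="https" port="${https.port}"/>
  </socket-binding-group>
</server>"""

EXPR = re.compile(r"\$\{([^:}]+)(?::([^}]*))?\}")

def resolve(value, props):
    """Expand ${name:default}: a supplied property wins over the default."""
    def sub(m):
        name, default = m.group(1), m.group(2)
        if name in props:
            return props[name]
        if default is None:
            raise KeyError(f"property {name} has no value and no default")
        return default
    return EXPR.sub(sub, value)

def elements(root, name):
    """Descendants with this local name; any XML namespace is ignored."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(xml_text, props):
    """Return {binding name: (address, port, loopback_only)}."""
    root = ET.fromstring(xml_text)
    addr = {}
    for iface in elements(root, "interface"):
        for inet in elements(iface, "inet-address"):
            addr[iface.get("name")] = resolve(inet.get("value"), props)
    result = {}
    for group in elements(root, "socket-binding-group"):
        for sb in elements(group, "socket-binding"):
            a = addr[sb.get("interface", group.get("default-interface"))]
            port = int(resolve(sb.get("port"), props))
            result[sb.get("name")] = (a, port, ipaddress.ip_address(a).is_loopback)
    return result
```

With no `jboss.bind.address` supplied, both bindings resolve to loopback. Supplying `jboss.bind.address=0.0.0.0` moves `https` off loopback, while `http` stays on 127.0.0.1 because the `local` interface has no property expression to override.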

                        • 9. Re: Allow only http connector for localhost
                          anuk

                          Hi Darran

                            Actually we want to block external http communication and allow only internal http communication. Is it possible to do it?

                           

                          -Anu

                          • 10. Re: Allow only http connector for localhost
                            anuk

                            Thanks