10 Replies Latest reply on May 28, 2014 1:49 AM by Anuradha K

    Allow only http connector for localhost

    Anuradha K Newbie

      Hi All,

        I want to enable http connector only for localhost. In all other cases it should be disabled. Is there a way to do it in jboss 7.1.1?

       

      Thanks and Regards

      Anu

        • 1. Re: Allow only http connector for localhost
          erasmo2 marciano2 Master

          Hi

           

          Are you using standalone or domain?

          Which profile are you using?

          • 3. Re: Allow only http connector for localhost
            Darran Lofthouse Master

            Can you please post your standalone.xml

             

            I would be surprised if that version was not already listening on localhost by default, but it is such an old version I would need to double check the config.

            • 4. Re: Allow only http connector for localhost
              erasmo2 marciano2 Master

              OK

              You have to edit the standalone.xml and modify this tag

              from

                 <interfaces>

                      <interface name="management">

                          <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>

                      </interface>

                      <interface name="public">

                          <inet-address value="${jboss.bind.address:127.0.0.1}"/>

                      </interface>

                      <interface name="unsecure">

                          <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>

                      </interface>

                  </interfaces>

              to

               

                 <interfaces>

                      <interface name="management">

                          <inet-address value="127.0.0.1"/>

                      </interface>

                      <interface name="public">

                          <inet-address value="127.0.0.1"/>

                      </interface>

                      <interface name="unsecure">

                          <inet-address value="127.0.0.1"/>

                      </interface>

                  </interfaces>

               

              Then start jboss ./standalone.sh

               

              Let me know

              • 5. Re: Allow only http connector for localhost
                Anuradha K Newbie

                We are planning to disable the http port for external access. But in our product we internally use http://localhost to call a REST service. When we disable http, our product breaks. Hence we need to allow only http://localhost.

                     <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">

                            <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" executor="http-executor" enabled="false"/>

                            <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" executor="http-executor" enabled="true">

                                <ssl name="ssl" password="changeit" certificate-key-file="${jboss.server.config.dir}/wfa.keystore" cipher-suite="TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" verify-client="false"/>

                            </connector>

                            <virtual-server name="default-host" enable-welcome-root="false">

                                <alias name="localhost"/>

                                <sso reauthenticate="true"/>

                            </virtual-server>

                        </subsystem>

                        <subsystem xmlns="urn:jboss:domain:webservices:1.1">

                            <modify-wsdl-address>true</modify-wsdl-address>

                            <wsdl-host>jbossws.undefined.host</wsdl-host>

                            <endpoint-config name="Standard-Endpoint-Config"/>

                            <endpoint-config name="Recording-Endpoint-Config">

                                <pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">

                                    <handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>

                                </pre-handler-chain>

                            </endpoint-config>

                        </subsystem>

                        <subsystem xmlns="urn:jboss:domain:weld:1.0"/>

                    </profile>

                 

                 

                    <interfaces>

                        <interface name="management">

                            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>

                        </interface>

                        <interface name="public">

                            <inet-address value="${jboss.bind.address:127.0.0.1}"/>

                        </interface>

                        <interface name="unsecure">

                            <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>

                        </interface>

                    </interfaces>

                 

                 

                    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

                        <socket-binding name="management-native" interface="management" port="${jboss.management.native.port:9999}"/>

                        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>

                        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9443}"/>

                        <socket-binding name="ajp" port="8009"/>

                        <socket-binding name="http" port="${http.port}"/>

                        <socket-binding name="https" port="${https.port}"/>

                        <socket-binding name="messaging" port="5445"/>

                        <socket-binding name="messaging-throughput" port="5455"/>

                        <socket-binding name="remoting" port="4447"/>

                        <socket-binding name="txn-recovery-environment" port="4712"/>

                        <socket-binding name="txn-status-manager" port="4713"/>

                        <outbound-socket-binding name="mail-smtp">

                            <remote-destination host="localhost" port="25"/>

                        </outbound-socket-binding>

                    </socket-binding-group>

                • 6. Re: Allow only http connector for localhost
                  Anuradha K Newbie

                  I tried the solution, but I am getting an error while trying to access localhost through http:

                  The server committed a protocol violation. Section=ResponseStatusLine. The server committed a protocol violation. Section=ResponseStatusLine.

                  • 7. Re: Allow only http connector for localhost
                    Wolf-Dieter Fink Master

                    Simple way should be to use the default configuration and add a new 'local' interface and bind the http access against it

                     

                       <interfaces>

                             <!-- other unchanged -->

                            <interface name="local">

                                <inet-address value="127.0.0.1"/>

                            </interface>

                        </interfaces>

                    .....

                    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

                           <!-- other unchanged -->

                     

                            <socket-binding name="http" interface="local" port="${http.port}"/>

                            <socket-binding name="https" interface="local" port="${https.port}"/>

                    </socket-binding-group>

                    • 8. Re: Allow only http connector for localhost
                      Darran Lofthouse Master

                      Is your server accessible remotely?  Unless you are passing in additional parameters to start the JBoss process your configuration shows that you are still binding to loopback only by default.
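
Added example (not part of any reply in this thread): a Python check of the configuration discussed in replies 7 and 8. It maps each `socket-binding` to its interface address, expanding `${name:default}` expressions with any system-property overrides passed at startup, and reports whether that address is loopback. The sample XML is constructed from the thread's snippets with the namespace omitted; `audit`, `resolve` and `local` are hypothetical helper names.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: the thread's default 'public' interface plus the 'local'
# interface from reply 7, with only http bound to it (namespace omitted).
SAMPLE = """<server>
  <interfaces>
    <interface name="public"><inet-address value="${jboss.bind.address:127.0.0.1}"/></interface>
    <interface name="local"><inet-address value="127.0.0.1"/></interface>
  </interfaces>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="http" interface="local" port="${http.port}"/>
    <socket-binding name="https" port="${https.port}"/>
  </socket-binding-group>
</server>"""

EXPR = re.compile(r"\$\{([^:}]+)(?::([^}]*))?\}")

def local(tag):
    """Strip an XML namespace so a real standalone.xml parses the same way."""
    return tag.rsplit("}", 1)[-1]

def resolve(value, props):
    """Expand ${name:default}; props holds overrides such as -Djboss.bind.address."""
    return EXPR.sub(lambda m: props.get(m.group(1), m.group(2) or ""), value)

def audit(xml_text, props=None):
    """Return {binding name: (resolved address, is_loopback)}."""
    props = props or {}
    root = ET.fromstring(xml_text)
    addrs = {}
    for el in root.iter():
        if local(el.tag) == "interface":
            inet = next((c for c in el if local(c.tag) == "inet-address"), None)
            if inet is not None:
                addrs[el.get("name")] = resolve(inet.get("value"), props)
    result = {}
    for grp in (g for g in root.iter() if local(g.tag) == "socket-binding-group"):
        for sb in (s for s in grp if local(s.tag) == "socket-binding"):
            # A binding without interface= inherits the group's default-interface.
            addr = addrs.get(sb.get("interface", grp.get("default-interface")), "")
            try:
                loop = ipaddress.ip_address(addr).is_loopback
            except ValueError:  # hostname or unresolved value: not provably loopback
                loop = False
            result[sb.get("name")] = (addr, loop)
    return result
```

With no overrides both bindings resolve to 127.0.0.1; calling `audit(SAMPLE, {"jboss.bind.address": "0.0.0.0"})` shows http staying on loopback while https follows the `public` interface.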

                      • 9. Re: Allow only http connector for localhost
                        Anuradha K Newbie

                        Hi Darran

                          Actually we want to block external http communication and allow only internal http communication. Is it possible to do it?

                         

                        -Anu