Tomcat security management in Windows

Download and install the latest Tomcat version, the latest version is generally fixed the old version of the problem, including security issues; modify the Tomcat management background account and password (tomcat \ conf \ tomcat-user.xml) modify the user permission for tomcat running in Windows. Tomcat runs with the System permission by default. This permission is too large. As a result, some hackers can remotely create users by uploading some elevation-of-privilege webshell tools through tomcat, and remotely access your server, so you need to run tomcat with a lower permission. First, create a new user, set a complex password, and make it not belong to any user group. Then, open "Local Security Policy" ---> "Local Policy" ---> "user permission allocation ", find "Log on as a service" and add the user you just created. Find the Tomcat installation directory, assign full control permissions for the "Administrators Group" and "tomcat" accounts, and delete all permissions for other accounts. If you do not assign permissions to the tomcat account, the Tomcat service cannot be started. Then, you need to assign permissions to the Tomcat log directory and the WEB directory separately based on the minimum permission principle. You only need to assign the "read" and "write" permissions to the log directory. Then you need to modify the C: \ Program Files \ JAVA \ jre6 (java installation path) permissions, need to add new tomcat user permissions, otherwise it will report an error reference: http://www.bkjia.com/Article/201307/228671.html
For the apache + tomcat architecture, you also need to modify the apach directory permission. the apache service also needs to run as a tomcat user, and the apache directory also needs to add the read and write permissions of the tomcat user. Otherwise, apache cannot start. 5. Modify the default tomcat404 500 error page. The method for customizing the 404 500 error page is as follows: conf/web in the Tomcat installation directory. add the following code before the end of xml: <error-page> <error-code> 404 </error-code> <location>/404.html </location> </error-page> <error- code> 500 </error-code> <location>/500.html </location> </error-page> Add a 404.html 500.html page in webapps/ROOT.