Jsp server security

Source: Internet
Author: User

Tomcat security:
 
1. It runs as a system service, downgrading, and running as a common user.
Modify Tomcat installation folder Access Permissions
 
1. Select the Tomcat installation folder pointed to by the Environment Parameter CATALINA_HOME or TOMCAT_HOME.
2. Grant read, write, and execute permissions to the "ITOMCAT _ computer name" user.
3. Assign read-only access to the WebApps folder to the "ITOMCAT _ computer name" user.
4. If some Web applications require write access permissions, grant them write access permissions to that folder separately.
To run Tomcat as a system service, take the following steps:
 
1. Go to "Control Panel", select "Administrative Tools", and then select "service ".
2. Find Tomcat, such as Apache Tomcat.exe, and open its "attribute ".
3. select its "Log" tab.
4. Select Log ON Using.
5. type the new "ITOMCAT _ computer name" user as the user name.
6. Enter the password.
7. Restart the service.
 
2. If it is run by a common user, the JDK installation directory also needs to grant this user permission, otherwise tomcat cannot be started.
3. Forbidden list www.2cto.com
If the browser can browse the Web directory on the client, there will be a large security risk. Therefore, we need to confirm that the column directory is forbidden in Tomcat settings. The setting file is web. xml, which is also in the conf directory. Open the file in notepad and search for init-param and find the following fields nearby:
<Init-param>
<Param-name> listings </param-name>
<Param-value> false </param-value>
</Init-param>
Make sure it is false, not true.
4. Background Management
The admin. Its configuration file is a tomcat-users.xml, open the file with notepad and then modify. The role label indicates the permission, and the manager indicates the Administrator permission. The user label indicates the background management user. You can see that the user name is admin, and we can change it to a strange user; we can see that there is a blank password behind the password, and we can set a complicated password for it. Finally, the tomcat-users.xml file after the configuration is modified is:
<? Xml version = '1. 0' encoding = 'utf-8'?>
<Tomcat-users>
<Role rolename = "manager"/>
<Role rolename = "admin"/>
<User username = "gslw" password = "test168" roles = "admin, manager"/>
</Tomcat-users>
5. Error Page
 
Unlike IIS, Tomcat provides different types of error pages. If an error occurs in Tomcat, the same error page is displayed. In fact, we can modify its configuration file to customize the display of its error page. Open the web. xml file and add the following statement before the last line:
<Error-page>
<Error-code> 401 </error-code>
<Location>/401.htm</location>
</Error-page>
<Error-page>
<Error-code> 404 </error-code>
<Location>/404.htm</location>
</Error-page>
<Error-page>
<Error-code> 500 </error-code>
<Location>/500.htm</location>
</Error-page>
Of course, you can set a sentence for this example, and create a file such as 401.htm0000404.htm0000500.htm. In addition, put the error page file in the webapps \ manager directory. Otherwise, you must specify the path in web. xml.
 
6. Change the port
The default port of Tomcat is 8080. Attackers can run the scanning tool to scan the port to obtain the Web server deployed with Tomcat and then launch attacks. Therefore, we can modify the default port during the security period. Find the server. xml file in the conf directory of the Tomcat installation path, open it in notepad, search 8080 for the corresponding field, and change 8080 to another number. In addition, it must be noted that when connectionTimeout = "20000" is a connection overhead, maxThreads = "150" is the maximum thread and can be modified as needed.
 
From http://guailele.blog.51cto.com/1156442/788158

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.