Tomcat 5.5.x Configuration Highlights (cont.)

Source: Internet
Author: User
12. If your webapp must be reachable over HTTPS only, add the following to the webapp's web.xml:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>must https</web-resource-name>
        <url-pattern>/lizongbo/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

Reference:
http://jakarta.apache.org/tomcat/faq/security.html#https
http://marc.theaimsgroup.com/?l=tomcat-user&m=104951559722619&w=2

13. Change the command that shuts down the server remotely. By default, server.xml contains the following line:

    <Server port="8005" shutdown="SHUTDOWN">

This allows anyone to telnet to port 8005 of the server, type "SHUTDOWN" and press Enter, and the server shuts down immediately. From a security point of view, this shutdown command should be changed to a string that others cannot easily guess. For example:

    <Server port="8006" shutdown="Lizongbo">

Tomcat can then be shut down only by telnetting to port 8006 and entering "Lizongbo".

Note: this change does not affect shutdown.bat. Running shutdown.bat still shuts down the server.

Reference: http://jakarta.apache.org/tomcat/faq/security.html#8005
See also: http://www.cnjsp.org/document/user/tuman/valve.html

14. Configure the HTTP access log. Tomcat can record HTTP access logs in detail. Uncomment the following section:

    <Valve className="org.apache.catalina.valves.AccessLogValve"
           directory="logs" prefix="localhost_access_log." suffix=".txt"
           pattern="common" resolveHosts="false"/>

then change it to:

    <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
           directory="logs" prefix="localhost_access_log." suffix=".txt"
           pattern="combined" resolveHosts="false" fileDateFormat="yyyy-MM-dd.HH"/>

pattern="combined" records more detail for each request. fileDateFormat="yyyy-MM-dd.HH" makes the log files roll over every hour instead of every day (the default), which is useful on sites with a large number of visits. You can even write fileDateFormat="yyyy-MM-dd.HH.mm", which produces one log file per minute. Access logs can also be recorded separately per Engine, Host, or Context.

Reference:
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/valve.html
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/logger.html
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/host.html#access%20logs

The logs can also be analysed with AWStats: http://www.chedong.com/tech/awstats.html

15. Restrict access by IP address or host name. Use this to deny access from specified IP addresses or host names, or to allow only specified machines. The following configuration can likewise be applied per Engine, Host, or Context:

    <Context path="/examples" ...>
      ...
      <Valve className="org.apache.catalina.valves.RemoteHostValve"
             allow="*.mycompany.com,www.yourcompany.com"/>
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             deny="192.168.1.*"/>
    </Context>

Reference: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html

16. Publish a webapp as the root of the web site.

1. Copy it directly into the ROOT directory.

2. Because it is not possible to create an XML file without a name, and the path specified inside the XML file is ignored (Tomcat derives the path from the file name), the following must be written in server.xml:

    <Context docBase="${catalina.home}/vhost/www.lizongbo.com" path="/"
             privileged="true" antiResourceLocking="false" antiJARLocking="false">
      <Manager className="org.apache.catalina.session.StandardManager"
               algorithm="SHA-512"
               entropy="Suijisifuchuansuijisifuchuansuijisifuchuansuijisifuchuan"
               maxActiveSessions=""/>
      <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
             directory="logs" prefix="localhost_mytest_access_log." suffix=".txt"
             pattern="combined" resolveHosts="true" fileDateFormat="yyyy-MM-dd.HH"/>
    </Context>

The ROOT directory must also be removed; otherwise Tomcat gives it priority and deploys the ROOT directory as "/".

17. Prevent sessions from being written to a file when Tomcat restarts the webapp. Edit conf/web.xml and uncomment:

    <Manager pathname=""/>

18. Strengthen the session ID generation algorithm and length.

    <Manager className="org.apache.catalina.session.StandardManager"
             algorithm="SHA-512" sessionIdLength="">
    </Manager>

(The default is MD5, and the length is 16 bits.)

19. Configure logging (http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html). In D:\jakarta-tomcat-5.5.8\common\classes, create a new log4j.properties with the following content:

    log4j.rootLogger=debug, R
    log4j.appender.R=org.apache.log4j.RollingFileAppender
    log4j.appender.R.File=${catalina.home}/logs/tomcat5.5.log
    log4j.appender.R.MaxFileSize=10MB
    log4j.appender.R.MaxBackupIndex=10
    log4j.appender.R.layout=org.apache.log4j.PatternLayout
    log4j.appender.R.layout.ConversionPattern=%p %t %c - %m%n
    log4j.logger.org.apache.catalina=debug, R
    log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=debug, R
    log4j.logger.org.apache.catalina.core=debug, R
    log4j.logger.org.apache.catalina.session=debug, R

Copy log4j-1.2.9.jar and commons-logging.jar to D:\jakarta-tomcat-5.5.8\common\lib.

20. Use Windows domain user authentication: http://jcifs.samba.org/src/docs/ntlmhttpauth.html
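
A way to check a server.xml against items 13, 14 and 18 above. This is an added example, not part of the original article or of Tomcat: the function name, the finding strings and both sample configurations are constructed here, and it inspects server.xml only, so a Manager declared in a separate context file is not seen.

```python
import xml.etree.ElementTree as ET

ACCESS_LOG_VALVES = {
    "org.apache.catalina.valves.AccessLogValve",
    "org.apache.catalina.valves.FastCommonAccessLogValve",
}

# Constructed sample: stock-style configuration with nothing hardened.
SAMPLE_DEFAULT = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps"/>
  </Engine></Service>
</Server>"""

# Constructed sample: the same server after applying items 13, 14 and 18.
SAMPLE_HARDENED = """<Server port="8006" shutdown="Lizongbo">
  <Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps">
      <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
             directory="logs" prefix="localhost_access_log." suffix=".txt"
             pattern="combined" resolveHosts="false"/>
      <Context path="/app" docBase="app">
        <Manager className="org.apache.catalina.session.StandardManager"
                 algorithm="SHA-512"/>
      </Context>
    </Host>
  </Engine></Service>
</Server>"""

def audit_server_xml(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []
    # Item 13: an absent attribute means Tomcat falls back to the default string.
    if root.get("shutdown", "SHUTDOWN") == "SHUTDOWN":
        findings.append("default shutdown command on port " + root.get("port", "8005"))
    # Item 14: look for an access log valve at any level (Engine, Host, Context).
    if not {v.get("className") for v in root.iter("Valve")} & ACCESS_LOG_VALVES:
        findings.append("no access log valve configured")
    # Item 18: a missing Manager or missing algorithm means the MD5 default applies.
    managers = list(root.iter("Manager"))
    if not managers or any(m.get("algorithm", "MD5").upper() == "MD5" for m in managers):
        findings.append("session ID digest is the MD5 default")
    return findings

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_server_xml(text))
```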
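
How the deny value from item 15 behaves when it is evaluated as a regular expression. This is an added example, not code from the original article or from Tomcat; it assumes each comma-separated entry is a regular expression that must match the whole address and that deny entries are checked before allow entries, and the function names and sample addresses are constructed here.

```python
import re

def compile_list(spec):
    """Split a comma-separated attribute value into compiled patterns."""
    return [re.compile(p.strip()) for p in spec.split(",") if p.strip()]

def is_allowed(value, allow="", deny=""):
    """Return True if the request passes the valve, False if it is rejected."""
    allows, denies = compile_list(allow), compile_list(deny)
    if any(p.fullmatch(value) for p in denies):
        return False                      # an explicit deny always wins
    if any(p.fullmatch(value) for p in allows):
        return True
    # With only a deny list, everything not denied passes;
    # with an allow list, anything not on it is rejected.
    return bool(denies) and not allows

# The deny value from item 15: as a regex, "." matches any character.
LOOSE = "192.168.1.*"
# Escaped form (assumption: the intent is to block only 192.168.1.x).
STRICT = r"192\.168\.1\.\d+"

# Constructed sample addresses.
SAMPLE = ["192.168.1.7", "192.168.10.7", "192.168.100.7", "10.0.0.5"]

def overmatches(pattern, addresses):
    """Addresses outside 192.168.1.x that the deny pattern still rejects."""
    return [a for a in addresses
            if not is_allowed(a, deny=pattern) and not a.startswith("192.168.1.")]

if __name__ == "__main__":
    print("loose :", overmatches(LOOSE, SAMPLE))
    print("strict:", overmatches(STRICT, SAMPLE))
```

Under that assumption the unescaped pattern also rejects 192.168.10.x and 192.168.100.x clients, so escaping the dots keeps the deny rule to the intended range.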
