Tomcat: configuring a catch-all default host to stop unwanted domains from being bound to your site


    By default Tomcat serves the same application to any Host header (an attacker's domain pointed at your IP, a bare IP address, a forged header) because defaultHost is "localhost" and that host owns the real webapps directory. To prevent this, edit tomcat/conf/server.xml and locate the Engine element:

    <!-- The default host is "forbiden": it receives every request whose Host header
         matches none of the allowed hosts below. -->
    <Engine name="Catalina" defaultHost="forbiden">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
            resourceName="UserDatabase"/>

        <!-- Allowed hosts: only these names (and any <Alias> children) reach the real
             webapps directory. Matching is case-insensitive and ignores the port.
             xmlValidation/xmlNamespaceAware are Tomcat 5.5/6 Host attributes; Tomcat 7+
             ignores them on <Host> (they moved to <Context>). -->
        <Host name="localhost"  appBase="webapps"
                unpackWARs="true" autoDeploy="true"
                xmlValidation="false" xmlNamespaceAware="false"></Host>
        <Host name="www.yourdomain.com"  appBase="webapps"
                unpackWARs="true" autoDeploy="true"
                xmlValidation="false" xmlNamespaceAware="false"></Host>
        <Host name="192.168.1.3"  appBase="webapps"
                unpackWARs="true" autoDeploy="true"
                xmlValidation="false" xmlNamespaceAware="false"></Host>

        <!-- Catch-all host. Its appBase is a directory that does not exist, so there is
             nothing to serve: any request for a domain not listed above (or arriving without
             a Host header) lands here and gets a 404.
             Tomcat 8+ creates a missing appBase at startup unless createDirs="false"; on those
             versions also set autoDeploy="false" and deployOnStartup="false" on this host so
             nothing can ever be deployed into it. -->
        <Host name="forbiden"  appBase="notexists"
                unpackWARs="true" autoDeploy="true"
                xmlValidation="false" xmlNamespaceAware="false"></Host>
    </Engine>
    

    Here the Engine's defaultHost is set to forbiden, and a Host named forbiden is declared whose appBase points at a directory that does not exist; the allowed hosts are then listed explicitly. Tomcat selects the Host by the request's Host header (port stripped, compared case-insensitively against each Host name and its Alias children) and falls back to defaultHost when nothing matches. A request for an unknown domain therefore ends up on forbiden, never reaches the real application directory, and is answered with 404. Two caveats: every legitimate name must be listed (add an <Alias> for variants such as the bare apex domain), and on Tomcat 8 or later the catch-all host should also carry createDirs="false", autoDeploy="false" and deployOnStartup="false", otherwise Tomcat creates the missing directory and watches it for deployments. A quick check once the server is restarted is to send the same request with different Host headers, for example `curl -sI -H 'Host: evil.example' http://192.168.1.3:8080/`, which should return 404 while the listed names return the application.
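As an added example (not part of the original post), the script below does two things a practitioner would want when rolling this out: it mimics Tomcat's host selection (strip port, compare case-insensitively, honour <Alias>, fall back to defaultHost) so you can see which Host header lands on which <Host>, and it audits a server.xml for the catch-all pattern (defaultHost must not share an appBase with a served host, must not have an existing appBase, and should disable createDirs/autoDeploy/deployOnStartup). The embedded server.xml is a constructed sample mirroring the configuration above, with one Alias added; the CATALINA_BASE path is hypothetical.

```python
"""Simulate Tomcat's Host selection and audit server.xml for a safe catch-all default host.

Added example, not from the original post or the Tomcat project. SAMPLE_SERVER_XML is a
constructed sample mirroring the article's configuration (one <Alias> added); the
CATALINA_BASE used in __main__ is a hypothetical path.
"""
import os
import xml.etree.ElementTree as ET

# Constructed sample: the article's layout, hardened catch-all host, one alias for the apex domain.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Engine name="Catalina" defaultHost="forbiden">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
      <Host name="www.yourdomain.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Alias>yourdomain.com</Alias>
      </Host>
      <Host name="192.168.1.3" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
      <Host name="forbiden" appBase="notexists" unpackWARs="false" autoDeploy="false"
            deployOnStartup="false" createDirs="false"/>
    </Engine>
  </Service>
</Server>
"""


def parse_hosts(server_xml):
    """Return (defaultHost, {lower-cased name or alias: Host attribute dict}) for the first Engine."""
    engine = ET.fromstring(server_xml).find(".//Engine")
    if engine is None:
        raise ValueError("no <Engine> element in server.xml")
    table = {}
    for host in engine.findall("Host"):
        attrs = dict(host.attrib)
        # Tomcat compares host names case-insensitively; an alias maps to the same Host.
        table[attrs["name"].lower()] = attrs
        for alias in host.findall("Alias"):
            table[alias.text.strip().lower()] = attrs
    return engine.get("defaultHost"), table


def normalize_host_header(header):
    """Reduce a Host header to what the mapper compares: no port, lower case, '' if absent."""
    if not header:
        return ""
    header = header.strip()
    if header.startswith("["):                      # IPv6 literal such as [::1]:8080
        end = header.find("]")
        return (header[:end + 1] if end != -1 else header).lower()
    return header.split(":", 1)[0].lower()


def resolve_host(server_xml, host_header):
    """Name of the <Host> that serves a request carrying host_header.

    An empty header models an HTTP/1.0 request without Host; recent Tomcat versions reject
    HTTP/1.1 requests without a Host header with 400 before mapping happens at all.
    """
    default_host, table = parse_hosts(server_xml)
    name = normalize_host_header(host_header)
    return table[name]["name"] if name in table else default_host


def audit(server_xml, catalina_base):
    """List of findings; empty means the defaultHost is a dead end that cannot serve anything."""
    default_host, table = parse_hosts(server_xml)
    if default_host is None or default_host.lower() not in table:
        return ["defaultHost missing or does not name a <Host>"]
    catch_all = table[default_host.lower()]
    findings = []

    # 1. The catch-all must not own the same appBase as a host that really serves an application.
    unique_hosts = {id(h): h for h in table.values()}.values()
    shared = sorted(h["name"] for h in unique_hosts
                    if h is not catch_all and h.get("appBase", "webapps") == catch_all.get("appBase", "webapps"))
    if shared:
        findings.append("defaultHost shares appBase with served hosts: %s" % ", ".join(shared))

    # 2. Its appBase must not exist on disk (relative appBase is resolved against CATALINA_BASE).
    app_base = catch_all.get("appBase", "webapps")
    if not os.path.isabs(app_base):
        app_base = os.path.join(catalina_base, app_base)
    if os.path.isdir(app_base):
        findings.append("defaultHost appBase exists on disk: %s" % app_base)

    # 3. Tomcat 8+ creates a missing appBase unless createDirs="false" and would then deploy into it.
    for attr in ("createDirs", "autoDeploy", "deployOnStartup"):
        if catch_all.get(attr, "true").lower() != "false":
            findings.append('defaultHost should set %s="false"' % attr)
    return findings


if __name__ == "__main__":
    for hdr in ("www.yourdomain.com:8080", "YourDomain.com", "192.168.1.3", "evil.example", "", "[::1]:8080"):
        print("%-26r -> %s" % (hdr, resolve_host(SAMPLE_SERVER_XML, hdr)))
    print(audit(SAMPLE_SERVER_XML, "/opt/tomcat"))   # hypothetical CATALINA_BASE
```

Running the script shows the listed names (in any case, with or without a port, via the alias) resolving to their own Host while evil.example, a missing header and an unlisted IPv6 literal all fall through to forbiden; the audit of the sample returns no findings. Point audit() at a production server.xml and CATALINA_BASE to confirm the catch-all really has nothing to serve.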
