How can I secure jetty to only allow connections from localhost? This means a connection to server A from Client/Server B has to fail. I know I can do this by configuring my firewall (so please no answers about this). I just want jetty to not listen on localhost. I used Google with, for example, "jetty localhost", but it did not return any good answers (quickly).

Thanks :-)

+2  A: 

I have not tried this, but the usual method is to bind the server to localhost (i.e. to IP 127.0.0.1). That means that the Jetty server will listen only to connections that have localhost as their destination address.

A quick googling revealed this http://old.nabble.com/How-to-make-Jetty-bind-to-specific-IP-address---to11667378.html#a11669524 :

add this entry to SelectChannelConnector for example:

<Set name="Host">127.0.0.1</Set>

Juha Syrjälä
Yup, after a little bit more searching I also found something like this. Now we should provide good documentation on Stack Overflow. I am writing something myself right now.
Alfred
+1  A: 

I found the answer to my question myself after a little bit more googling.

The answer is (Tested on jetty-distribution-7.0.1.v20091125):

  1. Locate jetty.xml (etc/jetty.xml)
  2. Search for <Call name="addConnector">
  3. Set <Set name="Host"><SystemProperty name="jetty.host" default="127.0.0.1"/></Set> before line <Set name="port"><SystemProperty name="jetty.port"/></Set>
  4. That's it. Restart jetty server (java -jar start.jar). The server should output something like:

2009-12-23 23:02:09.291:INFO::Started SelectChannelConnector@127.0.0.1:8080

The important thing is that it should say 127.0.0.1 instead of 0.0.0.0.

P.S: I wanted to secure apache solr (which is using jetty) which can be achieved in the same way.

You can also bind to localhost programmatically (embed jetty) by:

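// Imports for the Jetty 7 (org.eclipse.jetty) packages
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.nio.SelectChannelConnector;

Server server = new Server();
Connector connector = new SelectChannelConnector();
connector.setHost("localhost");  // listen on the loopback interface only
connector.setPort(80);
server.addConnector(connector);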
Alfred
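
A way to check the result of the jetty.xml change described in the answers, as an added example that is not part of the original posts: it reads a jetty.xml-style document and reports, for each connector passed to addConnector, whether the effective Host is loopback only, including the case where -Djetty.host overrides the default. The function names and the sample XML are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed sample shaped like etc/jetty.xml; the second connector sets no Host.
SAMPLE = """
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
      <Set name="Host"><SystemProperty name="jetty.host" default="127.0.0.1"/></Set>
      <Set name="port"><SystemProperty name="jetty.port" default="8080"/></Set>
    </New></Arg></Call>
  <Call name="addConnector"><Arg>
    <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
      <Set name="port">8081</Set>
    </New></Arg></Call>
</Configure>
"""

def resolve(set_elem, props):
    """Value of a <Set>: literal text, or a <SystemProperty> (-D value, else default)."""
    sysprop = set_elem.find("SystemProperty")
    if sysprop is not None:
        return props.get(sysprop.get("name"), sysprop.get("default"))
    return (set_elem.text or "").strip() or None

def is_loopback(host):
    if host is None:                 # no Host set: Jetty listens on all interfaces
        return False
    if host.lower() == "localhost":  # assumption: localhost resolves to loopback
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:               # any other hostname is treated as exposed
        return False

def audit(xml_text, props=None):
    """Return [(host, port, loopback_only)] for each connector given to addConnector."""
    props, results = props or {}, []
    for call in ET.fromstring(xml_text).iter("Call"):
        connectors = call.findall("Arg/New") if call.get("name") == "addConnector" else []
        for conn in connectors:
            # Jetty upper-cases the first letter itself, so "host" and "Host" match.
            sets = {s.get("name", "").lower(): s for s in conn.findall("Set")}
            host = resolve(sets["host"], props) if "host" in sets else None
            port = resolve(sets["port"], props) if "port" in sets else None
            results.append((host, port, is_loopback(host)))
    return results

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Passing `{"jetty.host": "0.0.0.0"}` as `props` shows that the SystemProperty form only supplies a default: a start script that sets -Djetty.host exposes the connector again.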