If no security restrictions were available on the servlet engine side, a knowledgeable attacker might request a servlet directly from the servlet engine, thus bypassing web server security. This is called an external attack.
To prevent external attacks, Apache JServ 1.0 introduced powerful new security restrictions: an IP filter for incoming connections and an MD5-based connection authentication scheme.
For example, if you have two web servers that make requests from 194.39.283.233 and 194.39.283.234 and wish to accept servlet requests only from those addresses, add the following line to your jserv.properties file:
    security.allowedAddresses=194.39.283.233,194.39.283.234
With this filter enabled, any connection arriving on the port Apache JServ is listening on from an IP address not contained in the list is automatically ignored.
This file may have any format and any length (it could even be an image!), but we suggest you create your own text file by monkey-typing around a hundred bytes. After a few dozen bytes, the security improvement is negligible, while the time taken by the authentication procedure is linear in the secret key length. For this reason there is very little need for long secret keys.
Note: your security depends strictly on that secret key file. Anybody who can guess or recreate your secret key is a potential external attacker if his requests come from the correct IP addresses. Needless to say, you should protect your secret key files and make them neither readable nor writable by untrusted users.
To enable authentication on the servlet engine side, add these two lines to your jserv.properties file:
    security.authentication=true
    security.secretKey=/etc/jserv/jserv.secret.key
Then you have to enable authentication on every web server that connects to that servlet engine by adding this line to your httpd.conf files:
    ApJServSecretKey /etc/jserv/jserv.secret.key
Make sure the two secret key files are either the same file or exact binary copies, and that both the web server and the servlet engine have permission to read them.
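The checks described above can be automated. The following Python script is an added example, not part of Apache JServ or of the original page: it reads jserv.properties and httpd.conf, confirms that authentication and the IP filter are configured, and verifies that both secret key files exist, are not accessible to all users, and are byte-for-byte identical. It assumes both key files can be read from the host where the script runs; the function names and finding messages are hypothetical.

```python
import hashlib
import os
import re
import stat

def read_properties(path):
    """Parse key=value lines of a jserv.properties file, skipping # comments."""
    props = {}
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def apache_secret_key_path(path):
    """Return the argument of the ApJServSecretKey directive, or None."""
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            match = re.match(r"\s*ApJServSecretKey\s+(\S+)", line)
            if match:
                return match.group(1)
    return None

def audit(properties_path, httpd_conf_path):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    props = read_properties(properties_path)
    if props.get("security.authentication", "").lower() != "true":
        findings.append("security.authentication is not true")
    if not props.get("security.allowedAddresses"):
        findings.append("security.allowedAddresses is not set")
    digests = []
    for label, key in (("security.secretKey", props.get("security.secretKey")),
                       ("ApJServSecretKey", apache_secret_key_path(httpd_conf_path))):
        if not key or not os.path.isfile(key):
            findings.append(f"{label}: key file not configured or missing")
            continue
        # Assumption: only world access is flagged; group access is left to
        # the operator because web server and engine may share a group.
        if stat.S_IMODE(os.stat(key).st_mode) & 0o007:
            findings.append(f"{label}: {key} is accessible to all users")
        with open(key, "rb") as fh:
            digests.append(hashlib.sha256(fh.read()).digest())
    if len(digests) == 2 and digests[0] != digests[1]:
        findings.append("secret key files are not byte-for-byte identical")
    return findings
```

Call audit() with the paths of the two configuration files; each returned string names one setting to correct.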
As with the ability to run CGI programs under different UID/GID, one possible solution for internal security is to run different instances of the servlet engine under different UID/GID. This allows complete separation of the servlets served by the different servlet engine instances.
Another possibility is the use of more complex Java security managers to protect system resources from unwanted servlet behavior. This will be implemented in future releases.
Copyright (c) 1997-99 The Java Apache Project.
$Id: howto.security.html,v 1.5 1999/06/09 05:21:27 jonbolt Exp $
All rights reserved.