I have installed tomcat on my Ubuntu Home 11.10 system and can successfully access the test page online after port forwarding on 8080 within my router.
I have not made any other changes to the router, Ubuntu or the Tomcat install; everything else has remained standard. I intend to use this to play around with Java Servlets and basic web development for my own personal use.
What steps, if any, would you suggest I take to ensure this is secure? Should I change anything within the Tomcat configuration? This seemed like a good idea to limit access - http://www.seankilleen.com/2010/09/how-to-allow-only-specific-ip-addresses_30.html
But I am open to any other recommendations.
The Solution
Use Tomcat to block all connections with the exception of administrator IP addresses (which were static to us and known).
The Steps
Open the context.xml file, located in [Tomcat]\conf\context.xml, where [Tomcat] is the base location of your Tomcat server.
If you've never edited this file before, you should see a line like the following:
Add the following line directly after the tag:
Notes on How it Works
This valve uses regular expressions, so if you decided to get fancy with it, you certainly could (provided you know a little about Java regular expressions). For our purposes, the pipe ("|") character between the IP addresses works as an "or" operator. If the remote address value matches any of these full strings, it is allowed.
Note that by default, this denies every other connection.
If you'd like to allow all connections except certain IP addresses, you can change the "allow" attribute to "deny"; all connections will be allowed except those in the deny attribute, which still uses Java regular expressions.
To my knowledge, this "valve" structure can't be stacked. That is to say, you can't do a "deny all" valve and then stack multiple types of "allow valves" on top of it. If anyone knows if this is possible, feel free to sound off in the comments.
Hope this helps!
Source: http://www.seankilleen.com/2010/09/how-to-allow-only-specific-ip-addresses_30.html
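The quoted post describes the valve's allow/deny matching only in prose. The following added example (not code from the question or from the linked post) emulates the decision Tomcat's RemoteAddrValve makes, so an allow or deny rule can be checked against candidate addresses before it goes into context.xml. It assumes the valve's documented behaviour (deny checked first, then allow, full-string match) and uses Python's re module in place of Java regular expressions, which agree for simple address patterns; the XML fragment and addresses are constructed.

```python
"""Emulate Tomcat's RemoteAddrValve allow/deny decision for a given rule."""
import re
import xml.etree.ElementTree as ET

# Constructed sample context.xml fragment (not the page's own file).
# The allow pattern uses bare dots, as the quoted post shows; in a
# regular expression an unescaped dot matches any character.
SAMPLE_CONTEXT_XML = """<Context>
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="203.0.113.5|198.51.100.20"/>
</Context>"""


def load_valve(xml_text):
    """Return compiled (allow, deny) patterns from a <Valve> element."""
    valve = ET.fromstring(xml_text).find("Valve")
    allow = valve.get("allow")
    deny = valve.get("deny")
    return (re.compile(allow) if allow else None,
            re.compile(deny) if deny else None)


def is_allowed(remote_addr, allow, deny):
    """Mirror the valve's order of evaluation: deny wins, then allow."""
    if deny is not None and deny.fullmatch(remote_addr):
        return False
    if allow is not None and allow.fullmatch(remote_addr):
        return True
    # Only a deny list: anything not denied passes.
    # An allow list present: anything not allowed is refused.
    return deny is not None and allow is None


def escaped_allow_pattern(*addresses):
    """Build an allow value with literal dots, e.g. 203\\.0\\.113\\.5|..."""
    return "|".join(re.escape(a) for a in addresses)


if __name__ == "__main__":
    allow, deny = load_valve(SAMPLE_CONTEXT_XML)
    for addr in ("203.0.113.5", "203a0b113c5", "192.0.2.7"):
        print(addr, is_allowed(addr, allow, deny))
```

Running it shows that the bare-dot pattern also accepts the non-address string "203a0b113c5", which is why the dots in the allow value are better written escaped, as escaped_allow_pattern does.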