How do I prevent people from shutting down my Tomcat?
Author: Deron Eriksson
Description: This tutorial describes how to prevent people from shutting down your running Tomcat by executing a SHUTDOWN on port 8005.
Tutorial created using: Windows XP || JDK 1.5.0_09 || Tomcat 5.5.20
By default, my TomcatSW can be shut down by sending "SHUTDOWN" to port 8005 on the host where Tomcat is running. Let's see an example of this. First, I'll go to the command prompt and start my Tomcat by executing Tomcat's startup.bat file. This starts Tomcat.
Next, I'll telnet to port 8005 of my localhost, since I'm running Tomcat locally. I can do this via "telnet localhost 8005".
With telnet open to port 8005 of localhost, I type SHUTDOWN (all capitals) followed by enter. This causes Tomcat to shut down! (If I typed something like 'hamburger' followed by enter, this would cause Tomcat to display a console message such as: "WARNING: StandardServer.await: Invalid command 'hamburger' received".
(Continued on page 2)