[frs-279] Binding FusionReactor Administration Manager (FRAM) to a specific IP address


Background

For security reasons, it is sometimes desirable to bind FRAM (default port 8087) to listen only on a specific IP address. By default, FRAM listens on all IP addresses on the system.

How to change

  1. Open the file FusionReactor/tomcat/conf/server.xml for editing.
  2. Change line 3 to add the address you wish to bind to
    • Before:
      <Connector port="8087" protocol="HTTP/1.1" connectionTimeout="20000" />
      
    • After (binding to 127.0.0.1):
      <Connector port="8087" protocol="HTTP/1.1" connectionTimeout="20000" address="127.0.0.1" />
      
  3. Save the file and restart the FusionReactor AM Service (framd on *nix)

How to verify

  • Issue the netstat command
    • On *nix issue the command
      netstat -an | grep 8087 | grep LISTEN
    • On Windows issue the command
      netstat -an | find "8087" | find "LISTEN"
  • Check output
    • Note the IP change listed in the 2nd column…
    • When bound to 127.0.0.1:
        TCP    127.0.0.1:8087         0.0.0.0:0              LISTENING
      
    • When un-bound (all addresses):
        TCP    0.0.0.0:8087         0.0.0.0:0              LISTENING
      

Issue Details

Type: Technote
Issue Number: FRS-279
Components: FusionReactor Settings
Environment:
Resolution: Fixed
Last Updated: 03/Nov/11 1:42 PM
Affects Version:
Fixed Version: 4.0.0
Server:
Platform:
Related Issues: