We're running an older version of GeoServer , version 1.7.1 I believe, and it
appears to communicate internally with the GeoWebCache plug-in over port 80. On
our production system port 80 is unavailable - only comm. over secured ports is
allowed, e.g. port 443. I read a post on the internet
Yes, 2.0.1 internalizes the communication, so it happens in Java
without network access.
However, to me it seems like you should just allow HTTP communication on
127.0.0.1, and not on the public interface. Anyone that can sniff
packets on the loopback interface already has superuser