I would like to "limit" Tomcat features as much as possible to avoid undesirable external access to the web server. I want only 2 servlets to run on HTTPS, port 8443. These two servlets simply reply to a GET with a static XML. Nothing more. I defined the SSL connector listening on port 8443 and created the 2 servlets. Everything is running well, so my intent is to close every other possibility of access (such as HTTP on 8080, manager and admin from outside, etc.).
Is there a "list" somewhere of "security tips" for Tomcat? Or do you have any suggestions? Thanks in advance. Lapo
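The target state described in the question (one HTTPS connector on 8443, no manager or admin application) can be checked mechanically. The script below is an added example, not part of the original post: it audits a `server.xml` for connectors other than the HTTPS listener and a list of deployed application names for administrative apps. The sample `server.xml`, the servlet application name `xmlservice`, and the inclusion of `host-manager` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml for illustration (not taken from the post).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>"""

# Apps the post wants unreachable: manager and admin.
# host-manager is added here as an assumption (it ships with stock Tomcat).
ADMIN_APPS = {"manager", "admin", "host-manager"}


def audit_connectors(server_xml, allowed_port=8443):
    """Return a finding for every <Connector> that is not the TLS listener."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "")  # kept as text: may be a ${property}
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        if port != str(allowed_port):
            findings.append(f"extra connector: port {port} ({conn.get('protocol', 'HTTP/1.1')})")
        elif not tls:
            findings.append(f"port {port} is not TLS-enabled")
    return findings


def audit_webapps(deployed, allowed):
    """Flag deployed application names that are administrative or unexpected."""
    findings = []
    for name in sorted(deployed):
        if name in ADMIN_APPS:
            findings.append(f"administrative app deployed: {name}")
        elif name not in allowed:
            findings.append(f"unexpected app deployed: {name}")
    return findings


if __name__ == "__main__":
    deployed = ["ROOT", "docs", "manager", "xmlservice"]  # constructed listing
    for finding in audit_connectors(SAMPLE_SERVER_XML) + audit_webapps(deployed, {"xmlservice"}):
        print(finding)
```

In practice the second argument would come from listing the `webapps` directory and any context files under `conf/Catalina/<host>/`.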