Is it possible to restrict NanoHttpd to localhost only?
I am running NanoHttpd on 8080 on my local desktop. I can access the server locally in my browser at http://localhost:8080/. That part is working as expected.

However, I do not want my neighbor (or worse, the world) to also be able to access it at http://my.local.ip.add:8080/.

How can I restrict it to only localhost access so that I am the only one that can see these pages being served by my locally-running instance of NanoHttpd?

NanoHttpd is only one source file: here's a relevant clip:

    /**
     * Constructs an HTTP server on given hostname and port.
     */
    public NanoHTTPD(String hostname, int port) {
        this.hostname = hostname;
        this.myPort = port;
        setTempFileManagerFactory(new DefaultTempFileManagerFactory());
        setAsyncRunner(new DefaultAsyncRunner());
    }

    /**
     * Start the server.
     * @throws IOException if the socket is in use.
     */
    public void start() throws IOException {
        myServerSocket = new ServerSocket();
        // A null hostname falls through to the wildcard bind (all interfaces).
        myServerSocket.bind((hostname != null) ? new InetSocketAddress(hostname, myPort) : new InetSocketAddress(myPort));
        // ... (the rest of start() is not shown in the clip)
    }

While I'm not in a position to try it from here, it seems like you could achieve the effect you want by constructing your server with new NanoHTTPD("localhost",8080) -- as that would cause the bind operation to bind to the port on localhost (instead of using the wildcard bind).

UPDATE: Since it appears people are still reading -- and occasionally upvoting :^) -- my off-the-cuff answer years later, I thought I would add this caveat: if you are binding only to localhost for security reasons (i.e. you "trust" things running on localhost, but you want to block connections from the big bad Internet), keep in mind binding to localhost only means the TCP connection to NanoHttpd must have a local source address -- but it is still possible that a "local" connection could be initiated by a remote bad actor, using some other software on your host as a springboard. For example, a misconfigured HTTP proxy running on the same host might get tricked into connecting to 'http://localhost:8080' on behalf of a remote user. Restricting connect access to the local host is helpful, of course, but consider the context: if you are protecting a high-value resource -- and especially if you have other public-facing services on the same host that might be compromised -- binding to localhost is no substitute for using proper cryptographic authentication.
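
To check the bind behaviour described in the answer, here is an added example (not part of the original post or of NanoHTTPD; `BindCheck` and its helper names are hypothetical). It binds a `ServerSocket` with the same logic as the clipped `start()` and then tries to connect through each non-loopback address of the host. It assumes "localhost" resolves to a loopback address on the machine.

```java
import java.io.IOException;
import java.net.*;
import java.util.*;

public class BindCheck {                       // hypothetical class name
    // Same bind logic as the clip: null hostname -> wildcard, otherwise that host only.
    static ServerSocket bind(String hostname, int port) throws IOException {
        ServerSocket s = new ServerSocket();
        s.bind(hostname != null ? new InetSocketAddress(hostname, port)
                                : new InetSocketAddress(port));
        return s;
    }

    // Non-loopback addresses of this host: what a neighbour on the LAN would connect to.
    static List<InetAddress> externalAddresses() throws SocketException {
        List<InetAddress> out = new ArrayList<>();
        for (NetworkInterface nic : Collections.list(NetworkInterface.getNetworkInterfaces())) {
            if (!nic.isUp() || nic.isLoopback()) continue;
            for (InetAddress a : Collections.list(nic.getInetAddresses()))
                if (!a.isLoopbackAddress() && !a.isLinkLocalAddress()) out.add(a);
        }
        return out;
    }

    // True if a TCP connect to addr:port succeeds within 500 ms.
    static boolean reachable(InetAddress addr, int port) {
        try (Socket c = new Socket()) {
            c.connect(new InetSocketAddress(addr, port), 500);
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    static void report(String hostname) throws IOException {
        try (ServerSocket s = bind(hostname, 0)) {     // port 0: the OS picks a free port
            InetAddress local = s.getInetAddress();
            System.out.printf("hostname=%s -> bound to %s (wildcard=%b, loopback=%b)%n",
                    hostname, local, local.isAnyLocalAddress(), local.isLoopbackAddress());
            for (InetAddress a : externalAddresses())
                System.out.printf("  connect via %s: %b%n",
                        a.getHostAddress(), reachable(a, s.getLocalPort()));
        }
    }

    public static void main(String[] args) throws IOException {
        report(null);          // wildcard bind: listens on every interface
        report("localhost");   // loopback bind: listens on the loopback address only
    }
}
```

This verifies only where the listener accepts connections; the springboard case in the update (another local service relaying a remote request) still arrives with a local source address and is not something a bind check can detect.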