iptables redirected port 80 to 8080 - How to disallow direct access to port 8080?

iptables port-forwarding tomcat port-80

I've routed all requests from port 80 to port 8080 for my Tomcat server using iptables.

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

Now http://mydomain.com/ works fine, but people can still access http://mydomain.com:8080. I see that on other sites this is not possible. Is there anyway to disable direct access to port 8080 via the url?


Solution 1:

When you access http://mydomain.com, does it rewrite the URL to http://mydomain.com:8080? If it does, I don't see how to make it work using purely iptables (because you will need the 8080 port to be open to answer the requests). I did a quick test here and the URL was being rewritten but it may be my site doing it.

Said that, maybe it's better to put a nginx or apache with ProxyPass/ProxyPassReverse in front of your application to deal with URLs, with the plus of being able to use nginx's or apache's URL rewrite, load balancing and other capabilities.

Related

Network Load Balancing problem
How to add a header in .htaccess bases on filetype (mime type)? [duplicate]
Why doesn't my docker actually log anything?
Pipe all Postfix email for a domain to PHP script - Centos7/EC2
HP B110i controller not seeing storage array. Any ideas?
Tunnelling through an IP alias
iperf udp sequence number wireshark
How long are the default times for greylisting with postgrey? [closed]
SFTP login accepted, SSH login denied by Synology NAS
How to mount a URL as a CD-ROM on QEMU?
Can't get php-fpm with Nginx to work
FTP from batch file