    Configuration of iptables for Java Web Application deployed on VPS

    Hello everyone,

    I am trying to deploy a Java Web Application for the first time on a VPS for my website with the following configuration:


    - CentOS 6 VPS

    - Tomcat webserver with Apache AJP connector

    - SSL setup via CPanel

    - http traffic redirected to https via CPanel redirects


    The website runs fine for a day or so, then I get the following error in my catalina.out and the website stops working:


    18-May-2018 16:37:59.449 INFO [http-nio-8080-exec-3] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
     Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
     java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens


    My question is **how do I resolve this error so that my website works fine?**


    I looked at the following post to figure out a solution:




    One solution there is to "set up IP Tables rule to forward port 80 to port 8080". For this I try to add the following to iptables:


    -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080


    but CentOS 6 does not allow me to do this. **My second question is: how do I configure this prerouting thing?**

    My last question is: **How should I set up iptables for everything to work fine? Or should I just leave the iptables empty (probably not safe)?**


    Any help is appreciated.


    2 REPLIES

    I used the following settings on iptables, but then the website stops working, and status messages on GoDaddy website for my VPS get messed up.


    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P INPUT DROP

    iptables-save | sudo tee /etc/sysconfig/iptables
    service iptables restart

    Here is the link containing information about which ports to open on firewall.
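
The following is an added example, not part of the original thread or any poster's configuration: a ruleset in `iptables-restore` format that places the port 80 to 8080 `REDIRECT` in the `nat` table (the only table where that target is valid) and accepts `ESTABLISHED,RELATED` traffic ahead of the `INPUT DROP` policy. The port list is copied from the reply above; the `gen_ruleset` function name and the overall layout are assumptions.

```shell
#!/bin/sh
# Added example: prints a ruleset in iptables-save / iptables-restore format.
# Ports are the ones opened in the thread; function name and layout are assumptions.

TCP_PORTS="22,25,80,110,143,443,465,993,995,8080,8443"

gen_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# REDIRECT exists only in the nat table. Without "-t nat" (or outside this
# *nat section) the rule is applied to the filter table and is rejected.
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the server itself opened (DNS lookups, updates).
# With INPUT DROP and no such rule, those replies are silently discarded.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Malformed flag combinations, as in the thread.
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# New inbound connections to the published services only.
-A INPUT -p tcp -m multiport --dports ${TCP_PORTS} -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset so it can be reviewed or piped to iptables-restore.
gen_ruleset
```

Check the output with `iptables-restore --test` before saving it to `/etc/sysconfig/iptables`; because the redirect rewrites the destination port before the filter table sees the packet, port 8080 has to stay open in `INPUT`.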