4.2.2. Binding Only a Single Network Interface

By default, both HTTP port and the CORBA port are bound to all network interfaces. For example your server might be accessible through two network cards using the IP addresses 10.1.3.253 and 10.1.3.254. For security reasons, you might want to grant access to the servers only through one of the interfaces.

Binding the HTTP port to only one single interface can be achieved by adding an address attribute to the Tomcat's Connector element (see http://tomcat.apache.org/tomcat-7.0-doc/config/http.html ).

For limiting the access through CORBA, too, some properties must be set. By setting com.sun.CORBA.ORBServerHost to the correct IP address, you ensure that external clients contact the server through the correct interface. In order to bind only the correct interface, you must configure a custom CoreMedia socket factory, which is configured using a system property. Set the following system properties when starting the Content Management Server and the Workflow Server:

Property Type Property Name Property Value
ORB com.sun.CORBA.ORBServerHost <IpAddress>
ORB com.sun.CORBA.legacy.connection.ORBSocketFactoryClass com.coremedia.corba.SingleIpSocketFactory50
System com.coremedia.corba.SingleIpSocketFactory.ip <IpAddress>

Table 4.2. Properties for Single IP configuration


Replace <IpAddress> by the IP address of the network interface to bind, for example 10.1.3.253. If you want to secure this connection via SSL, you have to use different factories, see Section 4.2.4, “Encrypting CORBA with SSL and bind to a Single Network Interface” for details.