When I run selenium on server:

```
java -jar /usr/lib/selenium/selenium-server-standalone-3.7.0.jar
```

Port 4444 is opened on all network interfaces, including to the outside world. Is there a way to run it only on 127.0.0.1 so I can run tests only internally?

Amorphous

3 Answers

I tried to read this page, and here is my answer. Let me first point to your comment, and then I will answer your question:

> I was wondering is it possible to do it by some command line switch in selenium

There is no way to do it from the command line of Selenium. And there are two reasons:

Reason 1:

Because none of the Selenium Server or Client Libraries are designed to cover such a need, such a feature is not provided in them. You are actually asking a security question, but expect that a testing tool supports it.

Reason 2:

Let's assume there is a command for it, and using it your command line would ask Selenium Server to not answer the http requests outside of 127.0.0.1.

2.1. Do you think, the selenium web server can distinguish between the IPs of the requests?

2.2. Do you think, it is able to have a policy to reject some of the requests in behavioral testing?

(Just remember what is selenium test server: The Selenium Server which launches and kills browsers, interprets and runs the Selenese commands passed from the test program, and acts as an HTTP proxy.)

How to disable selenium server port to outside world?

Here I provide you 2 solutions:

  1. One tool is Docker. Docker is a virtualization tool, which helps you to separate the test environment from production. So, no one else outside this virtual environment has access to the system. Additionally, the opened port (444) is on the virtual machine. Meaning that no malicious user can reach this port. In other words, if you use Docker then your Selenium server has nothing to do with your real world application, although you are testing the same application. The below image explains the Docker.

  2. The best option for you is a Firewall. It is the exact tool which is meant to deal with suspicious requests. It receives a malicious request on port 444, and it checks its defined policy, and then rejects it.

Sal-laS
  • This feature is simply not implemented in the standalone server. It can be changed in the source by launching the Jetty server on the loop-back `127.0.0.1` instead of on the network interface `0.0.0.0`. Note that each driver behaves more or less like a standalone server and already limits the access to the host. – Florent B. Nov 16 '17 at 15:59
  • @FlorentB. Thanks for the comment. I would investigate about your suggestion, but it doesn't mean my solutions are wrong – Sal-laS Nov 16 '17 at 17:17

Specify hub and nodes to set up your own Selenium grid:

```
selenium-standalone start -- -role hub
selenium-standalone start -- -role node -hub http://localhost:4444/grid/register
selenium-standalone start -- -role node -hub http://localhost:4444/grid/register -port 5556
```

frianH
bbaassssiiee

Selenium itself does not restrict access.

I had the same problem but I was hosting on a Windows 10 machine. I was able to use IPSec to restrict all incoming TCP and UDP traffic to port 4444 to only a few IP addresses.

I have not done it on Ubuntu yet, but it looks like there are similar features with iptables and/or ufw.

HaC
  • Thanks. I understand that I can block it by firewall, but I was wondering is it possible to do it by some command line switch in selenium – Amorphous Nov 08 '17 at 09:20
  • I was hoping for a selenium CLI command too, but there isn't. See the first link in my answer, the recommended way is to use firewall. Let me know if you find a better way, I've been searching for a solution to this for over a year now! – HaC Nov 08 '17 at 14:41
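
The firewall route recommended in the answers above, sketched for a Linux host as an added example (not code from any answer or from Selenium). It assumes Selenium runs directly on the host and that `ss` and `iptables` are installed; the `ss` sample is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit who can reach the Selenium port from the question.
PORT=4444

# Constructed sample of `ss -Hltn` output (State Recv-Q Send-Q Local Peer).
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 *:4444 *:*
LISTEN 0 50 [::ffff:127.0.0.1]:5556 *:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

# Read ss lines on stdin; print local addresses that listen on $PORT and are
# not loopback-only (127.0.0.0/8, [::1], or IPv4-mapped loopback).
exposed_listeners() {
    awk -v port="$PORT" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            if (host ~ /^\[::ffff:127\./) next
            print addr
        }'
}

# Print (do not apply) rules dropping traffic to $PORT on non-loopback interfaces.
firewall_rules() {
    for cmd in iptables ip6tables; do
        echo "$cmd -A INPUT ! -i lo -p tcp --dport $PORT -j DROP"
    done
}

# Return 1 and print suggested rules if $PORT is reachable beyond loopback.
audit() {
    found=$(exposed_listeners)
    if [ -n "$found" ]; then
        echo "port $PORT is listening beyond loopback: $found"
        firewall_rules
        return 1
    fi
    echo "port $PORT has no non-loopback listener"
}

# On a real host: ss -Hltn | audit
printf '%s\n' "$SAMPLE" | audit || true
```

Review the printed rules before applying them as root; they are appended to the `INPUT` chain, so an earlier `ACCEPT` rule for the port would still win.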