Thursday, November 16, 2017

How to disable selenium server port to outside world?

When I run selenium on server:

java -jar /usr/lib/selenium/selenium-server-standalone-3.7.0.jar 

Port 4444 is opened on all network interfaces, including to the outside world. Is there a way to run it only on 127.0.0.1 so I can run tests only internally?

3 Answers

Answers 1

I tried to read this page, and here is my answer. Let me first point to your comment, and then I will answer your question:

I was wondering is it possible to do it by some command line switch in selenium

There is no way to do it from the Selenium command line, and there are two reasons:

Reason 1:

Because none of the Selenium Server or Client Libraries are designed to cover such a need, no such feature is provided in them. You are actually asking a security question, but expect a testing tool to support it.

Reason 2:

Let's assume there is a command for it, and using it your command line would ask Selenium Server not to answer HTTP requests from outside 127.0.0.1.

2.1. Do you think the Selenium web server can distinguish between the IPs of the requests?

2.2. Do you think it is able to have a policy to reject some of the requests in behavioral testing?

(Just remember what the Selenium test server is: the Selenium Server, which launches and kills browsers, interprets and runs the Selenese commands passed from the test program, and acts as an HTTP proxy.)

How to disable selenium server port to outside world?

Here I provide you 2 solutions:

  1. One tool is Docker. Docker is a virtualization tool, which helps you to separate the test environment from production. So, no one else outside this virtual environment has access to the system. Additionally, the opened port (444) is on the virtual machine, meaning that no malicious user can reach this port. In other words, if you use Docker then your Selenium server has nothing to do with your real world application, although you are testing the same application. The below image explains the Docker.

  2. The best option for you is a Firewall. It is the exact tool which is meant to deal with suspicious requests. It receives a malicious request on port 444, and it checks its defined policy, and then rejects it.

Answers 2

Specify hub and nodes to set up your own Selenium grid:

selenium-standalone start -- -role hub

selenium-standalone start -- -role node -hub http://localhost:4444/grid/register

selenium-standalone start -- -role node -hub http://localhost:4444/grid/register -port 5556

Answers 3

Selenium itself does not restrict access.

I had the same problem but I was hosting on a Windows 10 machine. I was able to use IPSec to restrict all incoming TCP and UDP traffic to port 4444 to only a few IP addresses.

I have not done it on Ubuntu yet, but it looks like there are similar features with iptables and/or ufw.
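
The iptables route mentioned in the last answer, as an added example that is not part of the original question or answers: it checks `ss -ltn` output for a listener on port 4444 bound to a non-loopback address and prints the rules that would restrict the port to loopback. The function names and the sample `ss` output are constructed for illustration, and it assumes the server runs directly on the host.

```shell
#!/bin/sh
# Added example: check whether the Selenium port is reachable from outside,
# and print firewall rules that limit it to loopback. Function names and the
# sample data are constructed for illustration.
SELENIUM_PORT=4444

# Read `ss -ltn` output on stdin and print every listener on the Selenium
# port whose local address is not a loopback address.
exposed_listeners() {
    awk -v port="$SELENIUM_PORT" '
        $1 == "LISTEN" && match($4, /:[0-9]+$/) {
            host = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) != port) next
            if (host ~ /^127\./ || host == "[::1]" || host ~ /^\[::ffff:127\./) next
            print $4
        }'
}

# Print (do not run) rules that drop TCP traffic to the port unless it
# arrives on the loopback interface. Review, then run them as root.
# Assumes the server runs directly on the host: ports published by Docker
# are forwarded and do not pass through the INPUT chain.
loopback_only_rules() {
    for ipt in iptables ip6tables; do
        echo "$ipt -I INPUT -p tcp --dport $SELENIUM_PORT ! -i lo -j DROP"
    done
}

# Constructed sample of `ss -ltn` output for a default Selenium start.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      50     *:4444             *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# Demo on the sample; on a real host use: ss -ltn | exposed_listeners
if [ -n "$(sample_ss | exposed_listeners)" ]; then
    echo "port $SELENIUM_PORT is exposed on: $(sample_ss | exposed_listeners)"
    loopback_only_rules
fi
```

Rules added this way are not persistent across reboots unless they are saved with the distribution's own mechanism.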
