By default, the Corda Server servlet accepts incoming requests from any host. You must configure it to accept incoming requests only from the application server that hosts the Discovery Framework.
To change the Corda configuration:
<PathMaps Version="1.0">
  <Map Name="DefaultRead" Path="./*" Action="Load"/>
  <Map Name="DefaultSave" Path="./images/*" Action="Save"/>
  <Map Name="ValidDomain" Path="127.0.0.1" Action="allowDomain"/>
  <Map Name="ValidDomain" Path="localhost" Action="allowDomain"/>
  <Map Name="ValidDomain" Path="*" Action="allowDomain"/>
</PathMaps>
The last Map entry, the one with Path="*", leaves Corda open to requests from anywhere. For this reason, you should replace "*" with the IP address (or range of addresses) allowed to access it, for example “192.168.*”. Specifically, you should add the location of the application server hosting the Discovery Framework.
Refer to Corda’s documentation for details about this configuration file.
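The following check is an added example, not part of the original page or of Corda's own tooling: it parses a PathMaps file, reports catch-all allowDomain entries, and verifies that the Discovery Framework application server is covered by a specific entry. The address 192.0.2.10, the function names, and the shell-style wildcard matching are assumptions made for illustration; confirm the actual matching rules in Corda's documentation.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample: the default PathMaps content shown on this page.
DEFAULT_PATHMAPS = """<PathMaps Version="1.0">
  <Map Name="DefaultRead" Path="./*" Action="Load"/>
  <Map Name="DefaultSave" Path="./images/*" Action="Save"/>
  <Map Name="ValidDomain" Path="127.0.0.1" Action="allowDomain"/>
  <Map Name="ValidDomain" Path="localhost" Action="allowDomain"/>
  <Map Name="ValidDomain" Path="*" Action="allowDomain"/>
</PathMaps>"""

# Constructed sample: the catch-all replaced by a placeholder server address.
HARDENED_PATHMAPS = DEFAULT_PATHMAPS.replace('Path="*"', 'Path="192.0.2.10"')


def allowed_domains(xml_text):
    """Return the Path value of every Map whose Action is allowDomain."""
    root = ET.fromstring(xml_text)
    return [m.get("Path", "") for m in root.iter("Map")
            if m.get("Action", "").lower() == "allowdomain"]


def is_catch_all(path):
    """True when the entry has no literal characters besides '*' and '.'."""
    return bool(path) and path.strip("*.") == ""


def audit(xml_text, app_server):
    """List findings for a PathMaps file; an empty list means it passed.

    Assumption: '*' in a Path matches like a shell wildcard (fnmatch).
    """
    paths = allowed_domains(xml_text)
    findings = [f"catch-all allowDomain entry: Path={p!r}"
                for p in paths if is_catch_all(p)]
    specific = [p for p in paths if not is_catch_all(p)]
    if not any(fnmatch.fnmatchcase(app_server, p) for p in specific):
        findings.append(
            f"application server {app_server} is not covered by a specific entry")
    return findings


if __name__ == "__main__":
    for label, text in (("default", DEFAULT_PATHMAPS), ("hardened", HARDENED_PATHMAPS)):
        print(label, audit(text, "192.0.2.10") or "OK")
```
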