Advisory: Bind Content Search and Document Converter to 127.0.0.1 Only

For security reasons, the following services need to bind ONLY to 127.0.0.1 network interface (or localhost):

  • Content Search Service
  • Document Converter Service

This allows only the connections from the local web server to the service that are allowed. 

CodeLathe recommends all FileCloud administrators take steps to make the following changes and verify them to ensure you are running a secure configuration.

Note: The following article applies only to FileCloud On-Premise installations, if you are a FileCloud Online customer, your system is not affected.


To Ensure Your Services are Secure

You can download our script and run it on your server to fix this automatically.

  1. Fix bindings by running a script. 

                FileCloud on Windows – modifies the affected service: Document Converter.

                 FileCloud on Linux (including VM / OVF) – modifies the affected services: Document Converter, and Content Search Service 

     2.   Manually verify bindings.

               Document Converter

               Content Search Service


Fix Bindings on Windows 


Affected Services: Document Converter

Not Affected: Content Search Server

You MUST run the script as an Administrator.
When you open a Windows Powershell prompt, run it as an Administrator.

To run the Powershell script:

  1. Download the Powershell script from here
  2. Unzip the zip file and copy the Powershell script (closeports.ps1) to the following folder where FCDocConverter.jar service is located(NOTE: This can be different based on where you have installed FileCloud.)

    c:\xampp
  3. Open a Powershell prompt and run it as an Administrator
  4. In the Powershell prompt, change to the location where the script was saved. 
    For Example: 

     cd c:\xampp 




  5. Run the script as follows

    .\closeports.ps1

    If you get a script security warning, just enable running the script only for this current session using the following command.

    Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process

  6. You will see a report in the PowerShell window on the status of the fix.

Fix Bindings on Linux


Affected Services: 

  • Document Converter
  • Content Search Server

You MUST run the script as a root user.

To run the script:

  1. Download the script from here.
  2. Run the script as follows:

wget http://patch.codelathe.com/tonidocloud/live/installer/closeports.sh && bash closeports.sh



Manually Verify Bindings

You can use the following steps to ensure you are running a secure configuration that addresses this binding issue.

Document Converter

To verify Document Converter Service settings on Windows:

  1. Run the following command:

    netstat -ano | findstr "8080" 
  2. Verify it is ONLY bound to 127.0.0.1 


To verify Document Converter Service settings on Linux and Centos OS:

  1. Run the following command:

    netstat -atp | grep "8080"
  2. Verify it is ONLY bound to 127.0.0.1 


Content Search Service


To verify Content Search Service on Windows:

  1. Run the following command:

     netstat -ano | findstr "8983"
  2. Verify that it is bound only to the 127.0.0.1 address.


To verify Content Search Service on Linux and Centos OS:

  1. Run the following command:

    netstat -atp | grep "8983"
  2. Verify that it is bound only to the 127.0.0.1 address.