I’m running neo4j version 1.5M01. I’ve also tried version 1.4.1. And I can’t figure out how to stop it from running in hideously insecure mode, where anyone who connects to it over HTTP has full read/write/shell access to the database.

I know that neo4j doesn’t manage security on its own. I just want to close the port so it can only be accessed from localhost.

The documentation at http://docs.neo4j.org/chunked/snapshot/server-configuration.html says that this is how you open the port:

Specify the client accept pattern for the webserver (default is 127.0.0.1, localhost only):

# allow any client to connect

org.neo4j.server.webserver.address=0.0.0.0

But if I leave that line out, it’s still open. If I change it to 127.0.0.1, it’s also still open.