See Main Servlet on how to protect this servlet.
tunnel.servlet.hosts.allowed=127.0.0.1,SERVER_IP tunnel.servlet.https.required=false