tomcat-dev mailing list archives

From: "Craig R. McClanahan"
Subject: Re: Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors
Date: Mon, 05 Mar 2001 01:59:14 GMT
Glenn Nielsen wrote:

> I have a general question about restricting access from remote hosts
> to common connectors used by Tomcat 3.x and Tomcat 4.0.
> Tomcat 3.x will use port 8007 for its Apache ajp12 connector, is there any way
> to configure Tomcat 3.x so it will only accept connections on that port
> from localhost or a single remote host?  What about shutdown, does the
> port only accept requests from localhost?
> Tomcat 4.0 will use port 8005 as its shutdown port, will this only accept
> connections from localhost?

Yes, in effect.  The connection is accepted no matter where it comes from, but
attempts to shut down Tomcat are refused unless they are from localhost.

AFAIK, there is no way through standard Java I/O to restrict where the connection
comes from at the socket accept level.

>  Is this configurable?

Not currently, although this would be relatively easy to add.

> Tomcat 4.0 will use port 8008 for its Warp Connector.  Can this be filtered
> using the Request Filter Valve?  The docs for the Request Filter refer to
> denying HTTP requests.

As long as the Warp connector properly identifies where the request originated
(which I am pretty sure it does), you can indeed use request filters to accept
only requests from matching clients.  However, this cannot be used to control
where the connection from Apache comes from -- that would require code in the
connector itself.

> Regards,
> Glenn


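The accept-then-check behaviour described in the reply above, as an added example (not code from the original message or from Tomcat): the listener accepts every connection and closes it unread unless the peer is loopback or an allowlisted host. The class name, the allowlisted address and the command string are assumptions made for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.Set;

// Added illustration, not Tomcat source code.
public class PeerFilteredListener {
    // Assumption: one extra permitted host (192.0.2.10 is a documentation address).
    static final Set<String> ALLOWED = Set.of("192.0.2.10");
    // Assumption: placeholder command string, not taken from the thread.
    static final String COMMAND = "EXAMPLE-STOP";

    // The check can only run after accept() has completed the connection.
    static boolean isAllowed(InetAddress peer) {
        return peer.isLoopbackAddress() || ALLOWED.contains(peer.getHostAddress());
    }

    public static void main(String[] args) throws IOException {
        try (ServerSocket server = new ServerSocket(8005)) { // port from the thread
            boolean running = true;
            while (running) {
                try (Socket client = server.accept()) {
                    InetAddress peer = client.getInetAddress();
                    if (!isAllowed(peer)) {
                        // Close before reading so no bytes from this peer are parsed.
                        System.err.println("refused " + peer.getHostAddress());
                        continue;
                    }
                    client.setSoTimeout(5000); // a silent peer must not stall the loop
                    BufferedReader in = new BufferedReader(new InputStreamReader(
                            client.getInputStream(), StandardCharsets.US_ASCII));
                    running = !COMMAND.equals(in.readLine());
                } catch (IOException e) {
                    System.err.println("connection error: " + e.getMessage());
                }
            }
        }
    }
}
```

Binding the `ServerSocket` to a loopback address with its three-argument constructor limits which local interface listens, which is a separate control from the per-peer check shown here.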