tomcat-dev mailing list archives

From "Pier P. Fumagalli" <p...@betaversion.org>
Subject Re: Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors
Date Mon, 05 Mar 2001 06:46:27 GMT
Dan Milstein <danmil@shore.net> wrote:
> 
> The spec for the Ajp2.1 (which was not, AFAIK, ever implemented) has an
> excellent section discussing "Security Hazards".  Anyone interested can
> check that out at:
> 
> http://java.apache.org/jserv/protocol/AJPv21.html

Hehehe :) I was one of the co-authors of that spec :) (Nice to see when
someone pulls out a work from the past and says it contains "excellent"
pointers)....

To deny DoS attacks, I suggest using kernel-level IP filtering packages
(such as the IPF package for Solaris/*BSD or IPCHAINS for Linux - or
whatever its name is today). They work pretty well; try to connect to port
8080 on kali.betaversion.org :) :) :) (Tomcat is running with the default
HTTP connector, but its access is restricted to only 127.0.0.1 and
192.168.1.* if it comes from the right Ethernet interface :)

    Pier

-- 
----------------------------------------------------------------------------
Pier Fumagalli  <http://www.betaversion.org/>  <mailto:pier@betaversion.org>
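The policy Pier describes, as an added example that is not part of the original message or of Tomcat itself: kernel-level filter rules that admit TCP/8080 only from 127.0.0.1 on loopback and from 192.168.1.0/24 when the packet actually arrives on the LAN interface, plus a small shell model of the same decision so the expected outcomes can be checked before the rules go live. The script uses iptables (the successor of the ipchains mentioned above); the interface name eth0 and the script filename are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message: host-level packet filtering
# for Tomcat's default HTTP connector on TCP 8080, following the
# "127.0.0.1 and 192.168.1.* only from the right interface" policy above.
# Written for iptables (successor of ipchains). The LAN interface name is an
# assumption; override it with LAN_IF=... in the environment.
LAN_IF="${LAN_IF:-eth0}"
TOMCAT_PORT=8080

# Emit the rules instead of applying them, so they can be reviewed first and
# then piped to a root shell:   sh tomcat-8080-filter.sh print | sudo sh
tomcat_filter_rules() {
    cat <<EOF
# loopback clients
iptables -A INPUT -p tcp --dport $TOMCAT_PORT -i lo -s 127.0.0.1 -j ACCEPT
# LAN clients, but only when the packet really arrived on the LAN interface;
# a 192.168.1.x source seen on any other interface is spoofed and falls through
iptables -A INPUT -p tcp --dport $TOMCAT_PORT -i $LAN_IF -s 192.168.1.0/24 -j ACCEPT
# everything else aimed at the connector is silently dropped
iptables -A INPUT -p tcp --dport $TOMCAT_PORT -j DROP
EOF
}

# Pure-shell model of the same policy: given (ingress interface, source IPv4
# address), return 0 when the packet would reach Tomcat and 1 when the final
# DROP rule would eat it. Used to sanity-check expectations, not by the kernel.
tomcat_8080_allowed() {
    iface=$1
    src=$2
    case "$iface:$src" in
        lo:127.0.0.1)           return 0 ;;
        "$LAN_IF":192.168.1.*)  return 0 ;;
    esac
    return 1
}

case "${1:-}" in
    print) tomcat_filter_rules ;;
esac
```

Rule order matters: both ACCEPT rules must precede the final DROP, since iptables stops at the first match. The `-i` match is what gives the source check teeth: a remote attacker can forge a 192.168.1.x source address, but cannot make that packet arrive on the LAN interface, so it hits the DROP. The filter leaves the connector listening on all addresses while making it unreachable from outside; restricting the connector's bind address in server.xml is a complementary measure, but it cannot express the per-interface condition.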

