tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pier P. Fumagalli" <>
Subject Re: Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors
Date Mon, 05 Mar 2001 06:46:27 GMT
Dan Milstein <> wrote:
> The spec for the Ajp2.1 (which was not, AFAIK, ever implemented) has an
> excellent section discussing "Security Hazards".  Anyone interested can
> check that out at:

Hehehe :) I was one of the co-authors of that spec :) (Nice to see when
someone pulls out a work from the past and says it contains "excellent"

To deny DOS attacks, I suggest using kernel-level IP filtering packages
(such as the IPF package for Solaris/*BSD or IPCHAINS for Linux - or
whatever it's name is today). They work pretty well, try to connect to port
8080 on :) :) :) (Tomcat is running with the default
HTTP connector, but its access is restricted to only and
192.168.1.* if it comes from the right Ethernet interface :)


Pier Fumagalli  <>  <>

View raw message