tomcat-users mailing list archives

From "Ralph Einfeldt" <ralph.einfe...@uptime-isc.de>
Subject AW: Need Help plz
Date Fri, 31 May 2002 05:51:43 GMT
For the first question:
  - Which Tomcat do you use?
  - Do you run it standalone or with Apache or IIS?
    - Which connector do you use?

For the second question:
  I wouldn't do that. It introduces more problems than
  it helps.
  Blocking an IP is a dangerous thing. There can be
  several thousand people that have the same IP.
  They would all be blocked. If you implement something
  like this it's very easy to disable your site for a wide
  range of users. (If some hackers find out about that 'feature'
  they will play around with it. It's possible to send
  out packets with faked IP addresses. So if a hacker
  wants to attack your site, he can issue requests
  with IPs from proxies with a high user number.)

  Blocking an IP is not very effective, as any hacker
  who has a provider with dynamic IPs can change his IP
  with every try. (If you block that IP, the next user
  that gets this IP will be blocked.)

  The only scenario where this would make sense is an
  extranet where you know that each user will have
  a unique IP. (But in this case I would rather restrict
  the IPs for the incoming requests.)

> -----Original Message-----
> From: Walid Mohamed Al Abbadi [mailto:wabbadi@eng.aast.edu]
> Sent: Friday, 31 May 2002 00:24
> To: tomcat-user@jakarta.apache.org
> Subject: Need Help plz
> 
> 
> 
> Hi,
> 
>       I need help please with two subjects. My problem is what
> configuration I have to do in the server to prevent:
> 
>  1)       Prohibit downloading the *.jsp files from any client on the
> internet... [I noticed that if I wrote the URL of my site ending with
> myFile.JSP [JSP in capital letters] the page was not opened, but the
> server offered me to download the file itself! I don't want
> any user to know this property to download my own source-code JSP files!]
> 
>  2)       My application depends on password authentication, and
> I don't want any cracker to keep trying usernames/passwords for
> many tries. How should I tell the server to block an IP after 3
> tries [for example], and for how long will this IP be blocked?
> 
>   Are these problems related to the Apache server or the Tomcat server or both
> of them? Does anyone face problems like these?
> 
>   
>  Java_lover : Walid 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: 
> <mailto:tomcat-user-help@jakarta.apache.org>
> 
> 
> 
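
The two objections raised in the reply above, shown as an added example that is not part of the original message or of Tomcat: a naive "block the IP after 3 failed tries" counter in plain Java, run against constructed addresses. The class name, the 15-minute block duration and the sample IPs are assumptions made for the illustration.

```java
import java.util.HashMap;
import java.util.Map;

/** Added illustration: a naive "block the IP after 3 failed logins" rule. */
public class IpLockoutDemo {
    static final int MAX_FAILURES = 3;                 // from the question: 3 tries
    static final long BLOCK_MILLIS = 15 * 60 * 1000L;  // assumed block duration

    // ip -> {failure count, time of last failure}
    private final Map<String, long[]> failures = new HashMap<>();

    boolean isBlocked(String ip, long now) {
        long[] f = failures.get(ip);
        if (f == null) return false;
        if (now - f[1] >= BLOCK_MILLIS) {   // block (or old failures) expired
            failures.remove(ip);
            return false;
        }
        return f[0] >= MAX_FAILURES;
    }

    /** Returns true if the login is accepted. */
    boolean login(String ip, boolean passwordOk, long now) {
        if (isBlocked(ip, now)) return false;   // refused before the password is checked
        if (passwordOk) { failures.remove(ip); return true; }
        long[] f = failures.computeIfAbsent(ip, k -> new long[2]);
        f[0]++;
        f[1] = now;
        return false;
    }

    public static void main(String[] args) {
        IpLockoutDemo guard = new IpLockoutDemo();
        long t = 0;
        String proxy = "192.0.2.10"; // constructed: one proxy address shared by many users

        // Case 1: three bad guesses arrive through the shared proxy, then a
        // different user behind the same proxy presents a correct password.
        for (int i = 0; i < MAX_FAILURES; i++) guard.login(proxy, false, t++);
        System.out.println("legit user behind proxy accepted: " + guard.login(proxy, true, t++));

        // Case 2: guesses spread over changing addresses never reach the limit.
        boolean anyBlocked = false;
        for (int i = 1; i <= 20; i++) {
            String ip = "198.51.100." + i; // constructed: a new dynamic IP per try
            guard.login(ip, false, t++);
            anyBlocked |= guard.isBlocked(ip, t);
        }
        System.out.println("any rotating address blocked: " + anyBlocked);
    }
}
```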
