tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Williamson <ja...@nameonthe.net>
Subject Re: Access-Control for Tomcat-Webserver (Version 4.0.1)
Date Thu, 06 Jun 2002 18:17:28 GMT
Actually, you shouldn't need to, on my box it only binds itself itself to the
loopback
interface. If you're on a Un*x box try a netstat -lp -t to see the interface(s)
it's listening
on, hopefully you should see something like this:

tcp        0      0 localhost:8005          *:*                     LISTEN
21700/java


> and while you're at it, you should block 8005 as someone else pointed out
> very intelligently the other day.
>
> 8005 is tomcat's control port (i don't know the official name).  If you
> type:
>
> telnet nameoftomcatserver 8005
>
> Once you connect, type
> SHUTDOWN
> and hit return.
>
> Tomcat will shut down.
>
> So you need to block this port as well, probably from every machine except
> localhost (it needs to be accessible from localhost if you want tomcat's
> shutdown script to be able to shut it down!).
>
> fillup
>
> On 6/6/02 11:04 AM, "Wagoner, Mark" <MWagoner@wildflavors.com> wrote:
>
> > Here are a couple:
> >
> > http://netfilter.samba.org/documentation/
> >
> > http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html
> >
> >
> > Note that IPTables is for kernel version 2.4.x, 2.2.x used IPChains (you can
> > find documentation on IPChains at these sites also).
> >
> > HTH
> >
> > -----Original Message-----
> > From: "Bührle, Martin, FCI1" [mailto:martin.buehrle@lfk.eads.net]
> > Sent: Thursday, June 06, 2002 1:43 PM
> > To: 'Tomcat Users List'
> > Subject: AW: Access-Control for Tomcat-Webserver (Version 4.0.1)
> >
> >
> > Can You give me an hint how to configure the IPTables or where to read about
> > this?
> > Thanks.
> >
> >
> > Gruesse
> > Martin Buehrle
> >
> > _________________________________________________________________________
> > Martin Buehrle, FCI1
> > EADS - European Aeronautic Defence and Space Company
> > LFK-Lenkflugkoerpersysteme GmbH
> > Postfach 1661
> > 85705 UNTERSCHLEISSHEIM
> > Telefon: +49 89 3179-8460
> > Telefax: +49 89 3179-8927
> > eMail: Martin.Buehrle@lfk.eads.net
> > _________________________________________________________________________
> >
> >
> >
> >> -----Ursprüngliche Nachricht-----
> >> Von:    Wagoner, Mark [SMTP:MWagoner@wildflavors.com]
> >> Gesendet am:    Donnerstag, 6. Juni 2002 19:17
> >> An:    'Tomcat Users List'
> >> Betreff:    RE: Access-Control for Tomcat-Webserver (Version 4.0.1)
> >>
> >> Sorry, I guess I should have read your question more closely.  :o/
> >>
> >> If you are on Linux you can block the request using IPTables when the
> >> source
> >> is outside your intranet.
> >>
> >> Otherwise, you may have to write a filter that examines the server port
> >> and
> >> requesting IP address.
> >>
> >>
> >> -----Original Message-----
> >> From: "Bührle, Martin, FCI1" [mailto:martin.buehrle@lfk.eads.net]
> >> Sent: Thursday, June 06, 2002 12:38 PM
> >> To: 'Tomcat Users List'
> >> Subject: AW: Access-Control for Tomcat-Webserver (Version 4.0.1)
> >>
> >>
> >> Hi Mark,
> >>
> >> I cannot remove the standalone-service, because I need it for testing. Due
> >> to a bug I am not able to see changes out of my CMS-Servlet via
> >> WARP-Connector and Apache immediately. I just can see it under Port 8080 /
> >> Tomcat-Standalone-Server until I restart Tomcat in the night.
> >>
> >> We will work on this bug and in the meantime we need another
> >> access-control-solution.
> >>
> >> Thanks for reply.
> >>
> >>
> >> Gruesse
> >>  Martin Buehrle
> >>
> >> _________________________________________________________________________
> >> Martin Buehrle, FCI1
> >> EADS - European Aeronautic Defence and Space Company
> >> Postfach 1661
> >> 85705 UNTERSCHLEISSHEIM
> >> Telefax: +49 89 3179-8927
> >> eMail: Martin.Buehrle@lfk.eads.net
> >> _________________________________________________________________________
> >>
> >>
> >>
> >>> -----Ursprüngliche Nachricht-----
> >>> Von:    Wagoner, Mark [SMTP:MWagoner@wildflavors.com]
> >>> Gesendet am:    Donnerstag, 6. Juni 2002 18:13
> >>> An:    'Tomcat Users List'
> >>> Betreff:    RE: Access-Control for Tomcat-Webserver (Version 4.0.1)
> >>>
> >>> Since you are using WARP exclusively, you can remove the
> >>> "Tomcat-Standalone"
> >>> service from your server.xml file.  After you restart Tomcat, it will no
> >>> longer be listening for HTTP requests.
> >>>
> >>> -----Original Message-----
> >>> From: "Bührle, Martin, FCI1" [mailto:martin.buehrle@lfk.eads.net]
> >>> Sent: Thursday, June 06, 2002 12:01 PM
> >>> To: 'tomcat-user@jakarta.apache.org'
> >>> Subject: Access-Control for Tomcat-Webserver (Version 4.0.1)
> >>>
> >>>
> >>> Hi List,
> >>>
> >>>
> >>> we have built up a closed Intranet for our employees with an TOmcat
> >>> (4.0.1),
> >>> Apache and WARP-Connector - Configuration
> >>> and Apache access-control, using the <LOCATION> - directive from Apache.
> >>>
> >>> Our Intranet - Content is served by a Tomcat-servlet.
> >>>
> >>>
> >>> The only problem we have, is that you can still reach the content of the
> >>> CMS-servlet under port 8080 from outside our business unit, because this
> >>> port is the standard-tomcat HTTP-Server and the apache-access-control
> >>> doesnt
> >>> work in this case.
> >>>
> >>> Within the closed intranet we need this tomcat-http-server for testing,
> >> so
> >>> I
> >>> need an access-control feature like the <Location>-directive in apache,
> >>> closing the port 8080 is not a solution so far.
> >>>
> >>> Does anybody know what to to?
> >>>
> >>> Thanks for Your help!
> >>>
> >>>
> >>>
> >>>
> >>> Gruesse
> >>>  Martin Buehrle
> >>>
> >>>
> >> _________________________________________________________________________
> >>> Martin Buehrle, FCI1
> >>> EADS - European Aeronautic Defence and Space Company
> >>> Postfach 1661
> >>> 85705 UNTERSCHLEISSHEIM
> >>> Telefax: +49 89 3179-8927
> >>> eMail: Martin.Buehrle@lfk.eads.net
> >>>
> >> _________________________________________________________________________
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> To unsubscribe, e-mail:
> >>> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> >>> For additional commands, e-mail:
> >>> <mailto:tomcat-user-help@jakarta.apache.org>
> >>>
> >>> --
> >>> To unsubscribe, e-mail:
> >>> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> >>> For additional commands, e-mail:
> >>> <mailto:tomcat-user-help@jakarta.apache.org>
> >>
> >> --
> >> To unsubscribe, e-mail:
> >> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> >> For additional commands, e-mail:
> >> <mailto:tomcat-user-help@jakarta.apache.org>
> >>
> >> --
> >> To unsubscribe, e-mail:
> >> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> >> For additional commands, e-mail:
> >> <mailto:tomcat-user-help@jakarta.apache.org>
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> > <mailto:tomcat-user-help@jakarta.apache.org>
> >
> > --
> > To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
> >
>
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message