tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phillip Morelock <subscripti...@phillipmorelock.com>
Subject Re: Access-Control for Tomcat-Webserver (Version 4.0.1)
Date Thu, 06 Jun 2002 18:38:52 GMT
good to know!

fillup


On 6/6/02 11:17 AM, "James Williamson" <james@nameonthe.net> wrote:

> Actually, you shouldn't need to, on my box it only binds itself itself to the
> loopback
> interface. If you're on a Un*x box try a netstat -lp -t to see the
> interface(s)
> it's listening
> on, hopefully you should see something like this:
> 
> tcp        0      0 localhost:8005          *:*                     LISTEN
> 21700/java
> 
> 
>> and while you're at it, you should block 8005 as someone else pointed out
>> very intelligently the other day.
>> 
>> 8005 is tomcat's control port (i don't know the official name).  If you
>> type:
>> 
>> telnet nameoftomcatserver 8005
>> 
>> Once you connect, type
>> SHUTDOWN
>> and hit return.
>> 
>> Tomcat will shut down.
>> 
>> So you need to block this port as well, probably from every machine except
>> localhost (it needs to be accessible from localhost if you want tomcat's
>> shutdown script to be able to shut it down!).
>> 
>> fillup
>> 
>> On 6/6/02 11:04 AM, "Wagoner, Mark" <MWagoner@wildflavors.com> wrote:
>> 
>>> Here are a couple:
>>> 
>>> http://netfilter.samba.org/documentation/
>>> 
>>> http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html
>>> 
>>> 
>>> Note that IPTables is for kernel version 2.4.x, 2.2.x used IPChains (you can
>>> find documentation on IPChains at these sites also).
>>> 
>>> HTH
>>> 
>>> -----Original Message-----
>>> From: "Bührle, Martin, FCI1" [mailto:martin.buehrle@lfk.eads.net]
>>> Sent: Thursday, June 06, 2002 1:43 PM
>>> To: 'Tomcat Users List'
>>> Subject: AW: Access-Control for Tomcat-Webserver (Version 4.0.1)
>>> 
>>> 
>>> Can You give me an hint how to configure the IPTables or where to read about
>>> this?
>>> Thanks.
>>> 
>>> 
>>> Gruesse
>>> Martin Buehrle
>>> 
>>> _________________________________________________________________________
>>> Martin Buehrle, FCI1
>>> EADS - European Aeronautic Defence and Space Company
>>> LFK-Lenkflugkoerpersysteme GmbH
>>> Postfach 1661
>>> 85705 UNTERSCHLEISSHEIM
>>> Telefon: +49 89 3179-8460
>>> Telefax: +49 89 3179-8927
>>> eMail: Martin.Buehrle@lfk.eads.net
>>> _________________________________________________________________________
>>> 
>>> 
>>> 
>>>> -----Ursprüngliche Nachricht-----
>>>> Von:    Wagoner, Mark [SMTP:MWagoner@wildflavors.com]
>>>> Gesendet am:    Donnerstag, 6. Juni 2002 19:17
>>>> An:    'Tomcat Users List'
>>>> Betreff:    RE: Access-Control for Tomcat-Webserver (Version 4.0.1)
>>>> 
>>>> Sorry, I guess I should have read your question more closely.  :o/
>>>> 
>>>> If you are on Linux you can block the request using IPTables when the
>>>> source
>>>> is outside your intranet.
>>>> 
>>>> Otherwise, you may have to write a filter that examines the server port
>>>> and
>>>> requesting IP address.
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: "Bührle, Martin, FCI1" [mailto:martin.buehrle@lfk.eads.net]
>>>> Sent: Thursday, June 06, 2002 12:38 PM
>>>> To: 'Tomcat Users List'
>>>> Subject: AW: Access-Control for Tomcat-Webserver (Version 4.0.1)
>>>> 
>>>> 
>>>> Hi Mark,
>>>> 
>>>> I cannot remove the standalone-service, because I need it for testing. Due
>>>> to a bug I am not able to see changes out of my CMS-Servlet via
>>>> WARP-Connector and Apache immediately. I just can see it under Port 8080
/
>>>> Tomcat-Standalone-Server until I restart Tomcat in the night.
>>>> 
>>>> We will work on this bug and in the meantime we need another
>>>> access-control-solution.
>>>> 
>>>> Thanks for reply.
>>>> 
>>>> 
>>>> Gruesse
>>>>  Martin Buehrle
>>>> 
>>>> _________________________________________________________________________
>>>> Martin Buehrle, FCI1
>>>> EADS - European Aeronautic Defence and Space Company
>>>> Postfach 1661
>>>> 85705 UNTERSCHLEISSHEIM
>>>> Telefax: +49 89 3179-8927
>>>> eMail: Martin.Buehrle@lfk.eads.net
>>>> _________________________________________________________________________
>>>> 
>>>> 
>>>> 
>>>>> -----Ursprüngliche Nachricht-----
>>>>> Von:    Wagoner, Mark [SMTP:MWagoner@wildflavors.com]
>>>>> Gesendet am:    Donnerstag, 6. Juni 2002 18:13
>>>>> An:    'Tomcat Users List'
>>>>> Betreff:    RE: Access-Control for Tomcat-Webserver (Version 4.0.1)
>>>>> 
>>>>> Since you are using WARP exclusively, you can remove the
>>>>> "Tomcat-Standalone"
>>>>> service from your server.xml file.  After you restart Tomcat, it will
no
>>>>> longer be listening for HTTP requests.
>>>>> 
>>>>> -----Original Message-----
>>>>> From: "Bührle, Martin, FCI1" [mailto:martin.buehrle@lfk.eads.net]
>>>>> Sent: Thursday, June 06, 2002 12:01 PM
>>>>> To: 'tomcat-user@jakarta.apache.org'
>>>>> Subject: Access-Control for Tomcat-Webserver (Version 4.0.1)
>>>>> 
>>>>> 
>>>>> Hi List,
>>>>> 
>>>>> 
>>>>> we have built up a closed Intranet for our employees with an TOmcat
>>>>> (4.0.1),
>>>>> Apache and WARP-Connector - Configuration
>>>>> and Apache access-control, using the <LOCATION> - directive from
Apache.
>>>>> 
>>>>> Our Intranet - Content is served by a Tomcat-servlet.
>>>>> 
>>>>> 
>>>>> The only problem we have, is that you can still reach the content of
the
>>>>> CMS-servlet under port 8080 from outside our business unit, because this
>>>>> port is the standard-tomcat HTTP-Server and the apache-access-control
>>>>> doesnt
>>>>> work in this case.
>>>>> 
>>>>> Within the closed intranet we need this tomcat-http-server for testing,
>>>> so
>>>>> I
>>>>> need an access-control feature like the <Location>-directive in
apache,
>>>>> closing the port 8080 is not a solution so far.
>>>>> 
>>>>> Does anybody know what to to?
>>>>> 
>>>>> Thanks for Your help!
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> Gruesse
>>>>>  Martin Buehrle
>>>>> 
>>>>> 
>>>> _________________________________________________________________________
>>>>> Martin Buehrle, FCI1
>>>>> EADS - European Aeronautic Defence and Space Company
>>>>> Postfach 1661
>>>>> 85705 UNTERSCHLEISSHEIM
>>>>> Telefax: +49 89 3179-8927
>>>>> eMail: Martin.Buehrle@lfk.eads.net
>>>>> 
>>>> _________________________________________________________________________
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> To unsubscribe, e-mail:
>>>>> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>>>>> For additional commands, e-mail:
>>>>> <mailto:tomcat-user-help@jakarta.apache.org>
>>>>> 
>>>>> --
>>>>> To unsubscribe, e-mail:
>>>>> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>>>>> For additional commands, e-mail:
>>>>> <mailto:tomcat-user-help@jakarta.apache.org>
>>>> 
>>>> --
>>>> To unsubscribe, e-mail:
>>>> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>>>> For additional commands, e-mail:
>>>> <mailto:tomcat-user-help@jakarta.apache.org>
>>>> 
>>>> --
>>>> To unsubscribe, e-mail:
>>>> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>>>> For additional commands, e-mail:
>>>> <mailto:tomcat-user-help@jakarta.apache.org>
>>> 
>>> --
>>> To unsubscribe, e-mail:
>>> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>>> For additional commands, e-mail:
>>> <mailto:tomcat-user-help@jakarta.apache.org>
>>> 
>>> --
>>> To unsubscribe, e-mail:
>>> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>>> For additional commands, e-mail:
>>> <mailto:tomcat-user-help@jakarta.apache.org>
>>> 
>> 
>> --
>> To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>> For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
> 


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message