tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralph Einfeldt" <>
Subject AW: Access-Control for Tomcat-Webserver (Version 4.0.1)
Date Fri, 07 Jun 2002 06:09:37 GMT
Depending on how good you wan't to disable access from the outside
and what the outside is (other departments, internet) there are at
least the following options:

- Use org.apache.catalina.valves.RemoteHostValve or
  To allow/block certain Hosts/IP's.
  Have a look at

- Build you own protection.
  E.G. create a filter that checks if the sever port is 8080
  and blocks every request where the client doesn't belong to 
  list of IP's.

- Use authentication
  If you don't want to enter username and password each time
  you login to the application you can use client certificates

- Use a firewall
  To restrict the access inside an intranet it's
  possibe to use a (software) firewall on the server 
  that disables the port for all IP outside of the 

> -----Urspr├╝ngliche Nachricht-----
> Von: "B├╝hrle, Martin, FCI1" []
> Gesendet: Donnerstag, 6. Juni 2002 18:01
> An: ''
> Betreff: Access-Control for Tomcat-Webserver (Version 4.0.1)
> The only problem we have, is that you can still reach the 
> content of the CMS-servlet under port 8080 from outside our 
> business unit, because this port is the standard-tomcat 
> HTTP-Server and the apache-access-control doesnt
> work in this case.

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message