Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 42799 invoked from network); 21 Jan 2008 10:55:15 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 21 Jan 2008 10:55:15 -0000 Received: (qmail 78385 invoked by uid 500); 21 Jan 2008 10:54:54 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 78366 invoked by uid 500); 21 Jan 2008 10:54:54 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 78355 invoked by uid 99); 21 Jan 2008 10:54:53 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 21 Jan 2008 02:54:53 -0800 X-ASF-Spam-Status: No, hits=-4.0 required=10.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [195.227.30.246] (HELO datura.kippdata.de) (195.227.30.246) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 21 Jan 2008 10:54:27 +0000 Received: from [195.227.30.148] (larix [195.227.30.148]) by datura.kippdata.de (8.13.5/8.13.5) with ESMTP id m0LAsVaN004376 for ; Mon, 21 Jan 2008 11:54:31 +0100 (CET) Message-ID: <479479E7.1020908@kippdata.de> Date: Mon, 21 Jan 2008 11:54:31 +0100 From: Rainer Jung User-Agent: Thunderbird 2.0.0.6 (X11/20070802) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: =?ISO-8859-1?Q?R=E9f=2E_=3A_RE=3A_Filtering_the_ap?= =?ISO-8859-1?Q?ache_clients?= References: In-Reply-To: Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org jean-louis.mateo@bull.net wrote: > Hello, > > thank you Chuck, Ben and all at this list for your responses > > I think I'll try the apache "secret" feature but i don't know which > attribute it matches under tomcat ajp connector conf ? > Any idea ? At least http://tomcat.apache.org/connectors-doc/reference/workers.html tells us: Use request.useSecret="true" and request.secret="secret key word" in your Tomcat AJP Connector configuration. Unfortunately the information doesn't seem to be included in the Tomcat docs. Let us know, if it works. Regards, Rainer > > > Ben Stringer > > > cc : > Objet : RE: Filtering the apache clients > 19/01/2008 08:31 > Veuillez > r�pondre � > "Tomcat Users > List" > > > > > > On Fri, 2008-01-18 at 10:53 -0600, Caldarale, Charles R wrote: >>> From: jean-louis.mateo@bull.net [mailto:jean-louis.mateo@bull.net] >>> Subject: Filtering the apache clients >>> >>> Is there any way of configuring the Tomcat to >>> only accept AJP connections from a specific apache server? >> 1) Comment out the other elements. >> >> 2) Configure the RemoteAddrValve for the desired IP address: >> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote%20Addre >> ss%20Filter >> >> - Chuck > > In addition to Chuck's suggestions, you may also be interested in the > "secret" setting that can be set in workers.properties on Apache HTTPD > and in the tomcat connector conf. This allows you to specify a shared > secret between Apache HTTPD and Tomcat, so connections will only be > accepted if the secret is provided in the connection attempt. > > Search for "secret" in this page: > > http://tomcat.apache.org/connectors-doc/reference/workers.html > > Cheers, Ben --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org