tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From michel <compu...@videotron.ca>
Subject Re: Still trying to get Tomcat 6 to work
Date Tue, 10 Feb 2009 15:34:56 GMT
Chuck,

I got this info from my hosting tech guy

"Ah, looking in the qsys account, I can see what you're doing. You're trying
to bind to port 8080 for the entire server, on top of everyone else's web
servers! It's a good job the existing httpds prevented you from doing this!"




----- Original Message ----- 
From: "Caldarale, Charles R" <Chuck.Caldarale@unisys.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, February 10, 2009 10:28 AM
Subject: RE: Still trying to get Tomcat 6 to work


> From: michel [mailto:compukat@videotron.ca]
> Subject: Re: Still trying to get Tomcat 6 to work
>
> Problem solved!

Security hole opened!  (Not really, but you tried.)

> <Connector address="91.203.57.197" port="8080"

That didn't "solve" the problem, it merely masked it.  By specifying a 
particular IP address, you're making Tomcat listen to *only* that one IP 
address, regardless of what's configured for your TCP/IP stack.  You still 
appear to have something else grabbing 0.0.0.0:8080, and you should find out 
what that is.

> <Server address="91.203.57.197" port="8005" shutdown="SHUTDOWN">

You just tried to open your Tomcat up to shutdown requests issued from 
*anywhere*.  Luckily, Tomcat is smarter than that, and doesn't honor the 
address attribute on the <Server> element.  It will listen to shutdown 
requests only on whatever IP address "localhost" evaluates to.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message