tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zak Mc Kracken <zakmc...@yahoo.it>
Subject Re: RemoteAddrValve and RemoteHostValve
Date Mon, 02 Mar 2009 13:41:59 GMT
Thanks Gregor, that's very interesting for production environments. I'll 
try it.

Cheers.

M.


Gregor Schneider wrote:
> On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken <zakmck73@yahoo.it> wrote:
>> Gregor Schneider wrote:
>>> you've been asking the valve-stuff because you want to limit the
>>> access to requests coming from localhost only?
>> Yep!
>>
>>> why then not make tomcat listen on localhost only? configuration for
>>> that's a walk in the park...
>>>
>> My Tomcat is serving a number of webapps, I want to restrict access to one
>> only (the others are proper end-user-dedicated applications). Furthermore,
>> it's more modular if I can set up such restriction rules into the app's WAR,
>> rather than at Tomcat configuration level. So, it should be as previously
>> explained, or am I missing something?
>>
> 
> That wasn't clear to me.
> 
> Have you ever thought about fronting Tomcat with Apache HTTPD, then
> connecting it via mod_jk?
> 
> Thus, Tomcat would listen on localhost only, and Apache HTTPD takes
> care about forwarding appropriate requests to Tomcat on localhost.
> 
> Besides, you could use Apache's mod_authz
> (http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html) to specify
> the authorized ips / hosts.
> 
> Might be a little bit more work beforehand, but that would be my
> preferred solution.
> 
> Rgds
> 
> Gregor


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message