tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregor Schneider <rc4...@googlemail.com>
Subject Re: RemoteAddrValve and RemoteHostValve
Date Mon, 02 Mar 2009 10:57:44 GMT
On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken <zakmck73@yahoo.it> wrote:
> Gregor Schneider wrote:
>>
>> you've been asking the valve-stuff because you want to limit the
>> access to requests coming from localhost only?
>
> Yep!
>
>> why then not make tomcat listen on localhost only? configuration for
>> that's a walk in the park...
>>
>
> My Tomcat is serving a number of webapps, I want to restrict access to one
> only (the others are proper end-user-dedicated applications). Furthermore,
> it's more modular if I can set up such restriction rules into the app's WAR,
> rather than at Tomcat configuration level. So, it should be as previously
> explained, or am I missing something?
>

That wasn't clear to me.

Have you ever thought about fronting Tomcat with Apache HTTPD, then
connecting it via mod_jk?

Thus, Tomcat would listen on localhost only, and Apache HTTPD takes
care about forwarding appropriate requests to Tomcat on localhost.

Besides, you could use Apache's mod_authz
(http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html) to specify
the authorized ips / hosts.

Might be a little bit more work beforehand, but that would be my
preferred solution.

Rgds

Gregor
-- 
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message