tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fredk2 <>
Subject RE: redirection
Date Wed, 01 Apr 2009 14:04:27 GMT

I would be better...The apache httpd web server is more versatile and its
vulnerabilities are better researched. You can also add mod_security and
other modules to further protect the Tomcat against common attacks (assuming
you do not use a WAF firewall).  Furthermore you can add more Tomcats and
balance when needed... also on unix if you do not use jsvc or iptable you
need to run tomcat as root for port 80 which is not a good idea...etc...

Rgds - Fred

Caldarale, Charles R wrote:
>> From: mateo-jl []
>> Subject: re: redirection
>> i think, the best way is to use the mod_jk module. So, in a firewall
>> environment, you can have your web server (Apache) in the non-protected
>> area and apache will redirect all requests (http:// ....:80 or nothing)
>> at your Tomcat server (http:// ....:8080) within the protected one.
> In what way would that improve security?  Since all requests would be
> forwarded to Tomcat, adding httpd accomplishes nothing except additional
> overhead and complexity.  It's silly to place *anything* in a completely
> unprotected area; you would still have a firewall in place restricting
> access to just ports 80 and 443, even if httpd were handling those ports. 
> Might as well have Tomcat handle those ports directly.
>  - Chuck
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.

View this message in context:
Sent from the Tomcat - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message