tomcat-users mailing list archives

From Peter Crowther
Subject RE: redirection
Date Wed, 01 Apr 2009 14:22:06 GMT
> From: fredk2
> I would be better...The apache httpd web server is more
> versatile

Irrelevant to this problem.

> and its vulnerabilities are better researched.

References for that assertion?  I'm not disagreeing, I'd just be interested in the hard data.

> You can also add
> mod_security and
> other modules to further protect the Tomcat against common
> attacks (assuming you do not use a WAF firewall).

And, indeed, that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just

> Furthermore you can add more Tomcats and
> balance when needed...

Irrelevant to this problem, though I agree with you in the general case.

> also on unix if you do not use jsvc or
> iptables you
> need to run tomcat as root for port 80 which is not a good
> idea...etc...

True, but that's like saying "if you do not have a lock on your front door, your front door
will not be locked which is not a good idea."  Why would anyone *not* run using jsvc or iptables?

                - Peter
