tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Using RemoteAddressValve with an Apache mod_proxy_balancer
Date Mon, 21 Dec 2009 09:16:50 GMT
Bill Barker wrote:
...
> 
> Which gives a third option to the OP, which is to use the useIPVHosts="true" 
> option on the <Connector ... />, and only configure <Host .../>s for the

> ones that he wants to allow to connect (and the default Host just returns 
> 404 to every request).

Yes, that possibility was kind of nagging at me since the beginning.
This would also be valid for all protocols and all Connectors, wouldn't it ?

<Host name="defaultHost" ........>
   ... always returns 404
</Host>
<Host name="allowedHosts"  ....>
   <Alias>name-of-allowed-proxy-1</Alias>
   <Alias>name-of-allowed-proxy-2</Alias>
   <Alias>name-of-allowed-proxy-3</Alias)
...
</Host>

It is not really secure yet, but incrementally harder to fake than a 
secret or a header.  And it does not require any change of configuration 
at the proxy server level.




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message