tomcat-users mailing list archives

From Pid <...@pidster.com>
Subject Re: Unexpected errors after opening port 80
Date Fri, 03 Sep 2010 15:30:10 GMT
On 03/09/2010 16:01, Caldarale, Charles R wrote:
>> From: Pid [mailto:pid@pidster.com] 
>> Subject: Re: Unexpected errors after opening port 80
> 
>> How does this have any bearing on a firewall port being
>> opened and some database errors?
> 
> It's possible that opening port 80 has enabled a much larger set of attacks
> to get through the firewall now, and make it to the back end.  If the webapps
> under Tomcat should be accessible only via HTTPS, they should have a
> <transport-guarantee> setting of CONFIDENTIAL in their WEB-INF/web.xml files;
> this will stop all regular HTTP requests dead in their tracks.  (Or you could
> just remove the port 80 <Connector>.)  If you want to keep port 80 open for
> in-house use, you can add a valve to ensure that only known IP addresses come
> through that door.

Fair point.


p

>  - Chuck