tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Esmond Pitt" <esmond.p...@bigpond.com>
Subject RE: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404
Date Mon, 15 Apr 2013 02:51:27 GMT

>> I agree with your comment. Adding a second box for Tomcat only means I 
>> also have to configure a firewall between them, whereas using 
>> 127.0.0.x for Tomcat protects it completely.

> No it doesn't!
> Obfuscation or indirection != security.
> HTTPD doesn't magically provide you with some extra security capability.

I don't know what you're talking about. I didn't mention HTTPD in the
message you quoted. I mentioned 127.0.0.x, and it does exactly what I said
it does. There is no 'security via obscurity' here, just a well-known TCP
mechanism.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message