tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Esmond Pitt" <>
Subject RE: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404
Date Mon, 15 Apr 2013 02:51:27 GMT

>> I agree with your comment. Adding a second box for Tomcat only means I 
>> also have to configure a firewall between them, whereas using 
>> 127.0.0.x for Tomcat protects it completely.

> No it doesn't!
> Obfuscation or indirection != security.
> HTTPD doesn't magically provide you with some extra security capability.

I don't know what you're talking about. I didn't mention HTTPD in the
message you quoted. I mentioned 127.0.0.x, and it does exactly what I said
it does. There is no 'security via obscurity' here, just a well-known TCP

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message