tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Read-only mod_jk jk-status?
Date Fri, 13 Jun 2014 17:03:23 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

All,

I'm interested in locking-down my jk-status page so that certain users
can view the information but not modify it.

Unfortunately, the jk-status page is implemented using a single URL as
a controller with GET-parameters controlling what actually happens.
Even the "edit worker" page uses GET instead of POST, so I can't just
disable POST for all but some blessed set of users.

Does anyone have any suggestions for how jk-status could be
locked-down? I'm guessing that a whole lot of mod_rewrite rules could
do the trick by looking for certain "write" operations and rejecting
them, but that would mean being very careful about a lot of "magic"
that's being sent-around in URL parameters.

Has anyone done anything like this before?

Thanks,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTmy2FAAoJEBzwKT+lPKRYZQYP/0vSiM2J5+WVC/MJ7xJZ8eIm
SriYzs3PEck/45wKrdC1W36QAqM7cvrF3V4+ojMZlkCt5rUlmhwPN2owZcgNAcWw
iO6jebIXbjlMIxV1BIFOl/IOMV4nL9AlBRsPiemhvUlJP1xzUPpAeXB0RDBXbtQe
eHOGdyLaLVn8Ub9xrIKCbEthFS76u1KfprGoVT7x1hl/EZ0o5DJHOiQVYMmEdoRV
aHGe6ogmXpi6oTG4khTGxYiCJSUOfyoeZpo5MJllqwy9Km7PpxFjRGoQndaDpC1U
L7MKPyQe9c4vTMO277rPGRijd3v02kssdi4nKCmaWP0Uu5OwK8Y2URpH3kXaeDfG
RzQ9gJY1WfuqwrTYh3l0vVFkPkkXi7Stlrb3Afxvf28taQB9CKQTdsvsj1Mt4nlL
k+tJNS5E6xDbeQm8C3hx5fyiKJY4HC6SyjFcAPIWT/mRBKPbjVrzQugfDM9VhD/z
GiNNh4jPsrPlmP5uDH+YBkKgHTrWEv+E0OFEAVLN93ETtPYfp4qVUN0ftk4BkWip
/YJxnBM1YAu6teQQin2wsw0MPgNnbDvlB7Hg52o0QNEgKxJu0RL6Yw5XDQMqDOJc
8JX/XucW/X1ZHiKtcXDe5mElB7pFJYQufaZM/Q61vEJOXeA51OV9gUjsYelve2Ml
5XhZe/6I+FPf7YB+lPpt
=Yjfd
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message