tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat 8, Apache 2.4, Tomcat Connector 1.2.40, Windows 7 home basic issue
Date Thu, 01 Jan 2015 14:15:51 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Sandip,

On 1/1/15 12:19 AM, Sandip Gaikwad wrote:
> Could you please let me know how to block direct access to tomcat
> and allow access through apache http server only?
> 
> I used http:// 
> http://www.slideshare.net/mohanraj_nagasamy/integrating-tomcat-and-apache-on-windows-presentation
>
> 
for reference.

tl;dr

> What indicates that each request is coming from apache httpd only?

Nothing, really. There are ways to determine this, but you are better
off solving the root problem.

> Example: i have added following code in httpd.conf # Send
> everything for context /example1 to worker named worker1 (ajp13) 
> JkMount /example1/* worker1
> 
> in tomcat i have two apps example1 and example2
> 
> I am expecting to access only http://localhost/example1 . But i can
> access http://localhost/example2 as well.
> 
> How can i stop http://localhost/example2 from being accessed?

Only one process can bind to a single interface+port, so you need to
figure out whether Tomcat or httpd is using port 80.

If httpd is bound to port 80, then the only reasons why a request to
/example2 would hit your application are:

   a) You have a JkMount somewhere for that
   b) You have made your DocumentRoot = appbase

The first is easy to fix: just remove that JkMount.
The second is a horrible security problem that you'll need to fix
immediately.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJUpVaXAAoJEBzwKT+lPKRYY5AQAJ6+2NAhVtCWl1KMSQj2FGr8
TMh/cpFAUiFY8NYbxLhPLZnELf/PhoCZlBAHnUJN7j+ozr5YbjbBW7sVJ9kI3yu8
W1lB5zlxZKuVGBp3+GZsMdQcMDr/tg4Jkr8/TFKqUZOo5RPeTVoXxy+azdCNyMuy
BdogSIpqpxc1k6r1lQOGljiKzXiZJDdpkJwDau1mnzY8eO54pxZWHIJI63c4gu5y
akinaEncJDzI5dFwAQWiL/C+CtO8ujiUePH+FfpwfzoQozqIa+hpCaipwtOdc+0Z
V1qCSzLQDMAIKcuPWGnFrn9D8s24f8SasfAh83ca6oA8Ht4YoOEJILhCC81gRFhj
HGBLuVtAyfIKYza8Vn3QIoGDzqM/YqCdeOSrZKPkfnhma/lYy7JeuNfzXs8av3Eg
q0R8+4K1Bdl8I1J3rDZv/fuQMpWcYcuXpbdHJJ8Iwr7yeSVESrKT/HLtEZJIqBwI
F4FucgZUtkzgxodFqKrZBNgHNt0Bqnph04xVivqidhZvdE6SKap3/U5iSHXBNWcP
AGlWdWt2pqiWzCA0sHdQaw9AWlOB5RAGGebotnidu2V8PNiNwsjO5Llg0feagr9a
rikDkOpwChF3+u5z9yztCBgcNHBo1Nf4UW2eijqtsci+0OJ4cA75A4xjpd5AvrAj
Bz0SrueuRUKvwSEvJus7
=pJXZ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message