RE: java/tomcat & libwrap

Tue, 20 Nov 2001 00:28:27 -0800 

>J> I hope this is not TOO stupid of a question but.... Tomcat uses
>J> port 8007 for communications with apache. Is there a way, or does
>J> it already exist, to tcp wrap this port? I have noticed that MANY
>J> other daemon or daemon like apckages support this function. Java on
>J> the other hand seems to behave differently in this regard.
>
>The Tomcat documentation suggests to use ipchains/iptables for that.

Yes, you could do that. You must know that ajp12 is somewhat deprecated
and has been replaced by ajp13 for web-server / tomcat communication.
It's only used now to send the command to shutdown Tomcat, command
which should came from localhost for security purposes.

May I suggest you try Tomcat 3.3 (this is the Reference Implementation 
now for Serlvet 2.2/JSP 1.1) since it's default connector is now ajp13
with ajp12 configured by default to listen only on localhost :

from TC 3.3 server.xml 

        <Ajp12Connector address="127.0.0.1" port="8007"
AjpidFile="/var/spool/tomcat/ajp12.id" />

        <!-- Apache AJP13 support (mod_jk)
             Parameter "address" defines network interface this Interceptor
             "binds" to. Add it if you want to "bind" to just "127.0.0.1".

             address="127.0.0.1"

             Parameter "tomcatAuthentication", controls if Tomcat honors 
             ( and uses ) auth done in HTTP Server or not, when true Tomcat
does 
             not use in any way auth information provided by the HTTP
Server. 
             true is the default. 
             
             tomcatAuthentication="false"
             

          -->
        <Ajp13Connector port="8009" />


>An even better solution would be: only listen to requests from
>localhost.

Sure, take a look upper at part of server.xml

Nota, that ajp12/ajp13 have no support for authentification of
both end, but the new ajp14 add this functionnality, together
with more advanced features like autoconfiguration :=)

ajp14 is present on subproject, jakarta-tomcat-connectors, which
is available via CVS....

-
Henri Gomez                 ___[_]____
EMAIL : [EMAIL PROTECTED]        (. .)                     
PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to