Ok, so if you want to restrict network access from remote Apache servers
using the mod_jserv, mod_jk, or mod_webapp connectors to Tomcat; you can't
do it with either Tomcat 3.2 or Tomcat 4.0, correct?
Sure would be nice if network access allow/deny for Connectors could be
configured for those who don't put Tomcat behind a firewall.
Regards,
Glenn
"Pier P. Fumagalli" wrote:
>
> Craig R. McClanahan <[EMAIL PROTECTED]> wrote:
> >>
> >> Tomcat 4.0 will use port 8005 as its shutdown port, will this only accept
> >> connections from localhost?
> >
> > Yes, in effect. The connection is accepted no matter where it comes from, but
> > attempts to shut down Tomcat are refused unless they are from localhost.
> >
> > AFAIK, there is no way through standard Java I/O to restrict where the
> > connection comes from at the socket accept level.
>
> BARF, Craig :) :) :) Bind your serversocket to the 127.0.0.1 address only,
> and the trick is done... (if it doesn't work, it's a JVM/OS problem)
>
> >> Is this configurable?
> >
> > Not currently, although this would be relatively easily to add.
>
> I wouldn't bother, but rather wait for the outcomes of JSR-096 (Java
> Daemons)... Even if maybe it will not make it for our final release, we can
> always incorporate their code (should come out with a BSD license), change
> the packages from javax.daemon to org.apache and keep the two in sync. When
> it finally comes out, we can simply incorporate it and change back to
> javax.daemon.
>
> >> Tomcat 4.0 will use port 8008 for its Warp Connector. Can this be filtered
> >> using the Request Filter Valve? The docs for the Request Filter refer to
> >> denying HTTP requests.
> >
> > As long as the Warp connector properly identifies where the request originated
> > (which I am pretty sure it does), you can indeed use request filters to accept
> > only requests from matching clients. However, this cannot be used to control
> > where the connection from Apache comes from -- that would require code in the
> > connector itself.
>
> Actually, that's all the way around... GetRemoteHost() and addr() return the
> Apache client, not the WARP client... Filtering at WARP level is a feature
> that can be integrated in the connector...
>
> Pier
>
> --
> ----------------------------------------------------------------------------
> Pier Fumagalli <http://www.betaversion.org/> <mailto:[EMAIL PROTECTED]>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
--
----------------------------------------------------------------------
Glenn Nielsen [EMAIL PROTECTED] | /* Spelin donut madder |
MOREnet System Programming | * if iz ina coment. |
Missouri Research and Education Network | */ |
----------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
