DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12249>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12249 tomcat binds to IP addresses it is configured not to bind to Summary: tomcat binds to IP addresses it is configured not to bind to Product: Tomcat 4 Version: 4.0.4 Final Platform: Other OS/Version: Other Status: NEW Severity: Blocker Priority: Other Component: Connector:Coyote HTTP/1.1 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The "address" parameter to the HTTP/1.1 connector is supposed to tell Tomcat to bind to a specific IP address. This worked fine in v4.0.3. In v4.0.4 Tomcat binds to all available addresses on the machine, even when told not to. This enables a Tomcat protected by the proxy to be bypassable, which is a security issue. This same problem exists on both the old HTTP/1.1 connector, and the new Coyote HTTP/1.1 connector. Has this option been renamed and the docs not updated? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
