* Edward Quick wrote (28/04/06 10:53): > >> > Hi, >> > >> > I have an Apache mod_jk Tomcat server set up on the same host, and want >>to >> > restrict access to the Tomcat so that only the Apache on the localhost >>can >> > connect to port 8009. >> > >> > I tried using org.apache.catalina.valves.RemoteAddrValve, with >> > allow="127.0.0.1", but the issue is that Tomcat picks up the IP address >>of >> > the client, and not the Apache which is passing traffic onto it. >> > >> > Is there a way round this? >> >> >><Connector port="8009" protocol="AJP/1.3" >> address="127.0.0.1"> >> >>Won't that do it? >> >>Chris >> > > I don't think so because that's saying, bind the ajp listener to the > localhost. It's not saying restrict access to the ajp listener to localhost.
If it's bound to the loopback interface only, then only local applications will be able to connect to it. Nothing else can access 127.0.0.1. Try it, and then try using telnet i.p.add.ress 8009 from a different machine You should get connection refused. I'm fairly confident that this solves your problem. Chris --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
