> -----Original Message----- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, January 22, 2014 9:15 AM > To: Tomcat Users List > Subject: Re: [OT] RE: Cannot connect from outside using Tomcat > 7/APR/SSL on AWS Windows system > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Konstantin, > > On 1/22/14, 9:03 AM, Konstantin Preißer wrote: > > Hi Jeffrey, > > > >> -----Original Message----- From: Jeffrey Janner > >> [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January 21, > >> 2014 10:19 PM > > > >> Eureka, I finally figured it out! It was a real eureka moment, some > >> remembrance burned its way up from my subconscious and I had the > >> answer. Ready guys? Really surprised no one mentioned it. It was > >> Windows F-ing Firewall!!!!! > > > > Good to hear that you could find and solve the problem. > > > > (Off topic:) > > > >> I HATE WINDOWS!!!!!! > > > > What I can't quite understand is, how one can "hate" Windows or its > > "F-ing" firewall, if they just do what they were configured to > > do... ;-) > > > > When setting up the Windows Firewall, I normally only create rules > for > > specific (TCP) ports, not for specific executables, so that the > > firewall allows connections to a TCP port regardless of what the name > > or path of the executable is. > > Actually, as surprising as it can sometimes be, I find that the Windows > firewall is better than iptables *because* it /can/ do things like > this. You can make your system a bit safer. > > For instance, if your server is compromised (yes, I know, once you're > owned, you're owned) and the attacker installs some malware of some > kind, that malware will not be able to bind to a port or even make > outgoing connections, even on "standard" outgoing ports -- for instance > HTTP. > > Lots of malware connects to external C&C servers to give instructions, > and the Windows wirewall makes it easy to prevent that from happening > even when ports like 80 are used -- and typically left wide-open on > servers. > > - -chris +1 And another reason I had in mind when I originally set it up. Just have to remember to do it for each new install, or actually read my notes on the proper way to add an instance. Again, totally my own fault here all around, but unlike you youngsters, my mind don't work as well as it used to. I'm at the stage: A banana a day keeps the doctor away. Jeff
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
