On 07.07.2016 14:27, Amit Pande wrote:
Thanks for the reply André.

Sorry I missed to mention the version but I am using Tomcat 8.0.30.

Does the address component of the standard connector attribute take
multiple entries ? E.g.address = ³127.0.0.1, localhost ³ ?

I think my requirement is a different here. Tomcat listening on two ports
, but I want to configure connecting to my web app using one of it via
only the localhost and thus I wanted to set appropriate remote address
filters.


How many <Host> elements do you have in your configuration ?
(and please reply in-line, below here, not at the top. It's easier to follow the conversation that way.)







Thanks,
Amit

On 07/07/16 4:05 pm, "André Warnier (tomcat)" <a...@ice-sa.com> wrote:

On 07.07.2016 11:57, Amit Pande wrote:
Hello all,


In my server.xml, within in single Service element,

I have two HTTP connectors defined listening on two different ports
(12345
& 54321 for example).

It is possible to apply the remote address/host filter so that request
to
one of the ports (12345) are allowed only via localhost ? And requests
to
other port (54321) are allowed from everywhere.


You do not indicate your Tomcat version, but what about :
http://tomcat.apache.org/tomcat-8.0-doc/config/http.html#Common_Attributes
-> Standard Implementation -> address
?

If you set one Connector to listen only on 127.0.0.1 (localhost), then
only requests
originating from the same localhost will be able to reach it, since that
address means
nothing for other hosts.
On the other hand, set the other Connector to listen to the public IP of
the host, which
should be accessible from anywhere. (Or just don't set it, and it will be
accessible also
from localhost).

It is not the same as "allowing" accesses from various client IP's. But
it achieves the
same effect, in your case as you describe it above.



Or do I need to configure multiple service elements for this type of
requirement ?


Note that access to the Connector, or the port, does not correlate to
access to the Hosts,
or the applications.
If /that/ is really your requirement, then you need something else.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to