> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Is it possible to shut out
> special IP addresses or subnets by Tomcat configuration?

Yes, using a filter.  But...

> An address specified
> on this 'blacklist' should not get ANY response from Tomcat.
> Is this possible and, if so, how?

That is *not* possible - by the time the filter sees the request, the
TCP stack has already responded and the sender has already sent data.
If you want to deny certain IP addresses the ability to send TCP
datagrams to Tomcat, this *must* be done at OS level - anything you do
in Java (even altering Tomcat's code to reject the connection) will
cause a TCP RST to be sent to the originating machine, which counts as a
response.

OS level is probably easier to maintain and almost certainly more
secure, as you can prevent those IP addresses from seeing any other
services on the machine as well.

                - Peter
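
The OS-level approach described in the reply, as an added example that is not part of the original message: a script that turns a blacklist into packet-filter rules. It assumes a Linux host with iptables and Tomcat on TCP port 8080; the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes Linux with iptables.
# Prints rules for review instead of applying them.

# is_valid_source ADDR: succeed for dotted-quad IPv4 with optional /0-32 prefix.
is_valid_source() {
    case "$1" in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    addr=${1%%/*}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# drop_rules [PORT]: read one source per line on stdin ('#' starts a comment)
# and print an iptables command per valid entry. Without PORT the source is
# cut off from every service on the machine, not only Tomcat.
drop_rules() {
    port=$1
    while IFS= read -r line || [ -n "$line" ]; do
        src=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$src" ] || continue
        if ! is_valid_source "$src"; then
            printf 'skipping invalid entry: %s\n' "$src" >&2
            continue
        fi
        # DROP discards the SYN silently; REJECT would answer with RST/ICMP,
        # which the sender sees as a response.
        if [ -n "$port" ]; then
            printf 'iptables -I INPUT -p tcp -s %s --dport %s -j DROP\n' "$src" "$port"
        else
            printf 'iptables -I INPUT -s %s -j DROP\n' "$src"
        fi
    done
}

# Constructed sample blacklist (documentation address ranges), port 8080 assumed.
drop_rules 8080 <<'EOF'
192.0.2.10
198.51.100.0/24   # constructed subnet entry
203.0.113.999     # invalid octet, skipped
EOF
```

The printed commands need root to apply and do not persist across reboots unless saved with the distribution's own mechanism.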
