Thanks Gregor, that's very interesting for production environments. I'll
try it.
Cheers.
M.
Gregor Schneider wrote:
On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken <zakmc...@yahoo.it> wrote:
Gregor Schneider wrote:
you've been asking the valve-stuff because you want to limit the
access to requests coming from localhost only?
Yep!
why then not make tomcat listen on localhost only? configuration for
that's a walk in the park...
My Tomcat is serving a number of webapps, I want to restrict access to one
only (the others are proper end-user-dedicated applications). Furthermore,
it's more modular if I can set up such restriction rules into the app's WAR,
rather than at Tomcat configuration level. So, it should be as previously
explained, or am I missing something?
That wasn't clear to me.
Have you ever thought about fronting Tomcat with Apache HTTPD, then
connecting it via mod_jk?
Thus, Tomcat would listen on localhost only, and Apache HTTPD takes
care about forwarding appropriate requests to Tomcat on localhost.
Besides, you could use Apache's mod_authz
(http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html) to specify
the authorized ips / hosts.
Might be a little bit more work beforehand, but that would be my
preferred solution.
Rgds
Gregor
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
