Howdy!

I'm trying to ensure that only specific instances of Apache are allowed to proxy requests into my Tomcat 5.5.28 instances. Unfortunately, it looks like Tomcat is seeing the actual client IP making the original request to Apache. Does anyone have a configuration that only allows specific Apache (mod_)proxies to be serviced by Tomcat?

I will be using other ways to protect Tomcat, but I'd like something inside Tomcat filtering these AJP requests too, and RemoteAddressValve sounds like it should work :)

Here's what I'm using now --

Apache:

    ProxyPass / balancer://foo/ stickysession=JSESSIONID nofailover=On

    <Proxy balancer://foo>
        BalancerMember ajp://host1:1234 route=foo
        BalancerMember ajp://host2:1235 route=foo
    </Proxy>

Tomcat:

    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1,apache-front-end-ip"/>


Additionally, I'm noticing 403s returned from Tomcat via AJP are showing up as empty pages in Apache, instead of showing a default 403 page like Apache usually does.


Thanks for any insight!
--
Martin B. Smith
smit...@ufl.edu - (352) 273-1374
CNS/Open Systems Group
University of Florida
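
Added example, not part of the original post and not Tomcat's or Apache's own code: an AJP13 Forward Request carries a remote_addr field that the web server fills in with the browser's address, so an address filter on the Tomcat side evaluates that value rather than the proxy's TCP address. The sketch below builds a constructed packet, reads the field back, and applies a simplified model of an allow list (comma-separated regular expressions matched against the whole address); all addresses, host names and function names are assumptions made for illustration.

```python
import re
import struct

def ajp_string(s):
    """AJP13 string: 2-byte big-endian length, the bytes, a trailing NUL."""
    raw = s.encode("ascii")
    return struct.pack(">H", len(raw)) + raw + b"\x00"

def build_forward_request(client_ip, uri="/"):
    """Constructed Forward Request, as the web server sends it (no headers)."""
    body = (b"\x02\x02"                        # prefix code 2 (forward), method 2 (GET)
            + ajp_string("HTTP/1.1") + ajp_string(uri)
            + ajp_string(client_ip)            # remote_addr: the browser's address
            + ajp_string(client_ip)            # remote_host
            + ajp_string("www.example.test")   # server_name (constructed)
            + struct.pack(">HBH", 80, 0, 0)    # server_port, is_ssl, num_headers
            + b"\xff")                         # request terminator
    return b"\x12\x34" + struct.pack(">H", len(body)) + body

def read_string(buf, pos):
    """Return (string, position after its trailing NUL)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("ascii"), pos + 2 + n + 1

def remote_addr_from_packet(pkt):
    """Address the servlet container reports as the request's remote address."""
    if pkt[:2] != b"\x12\x34" or pkt[4] != 0x02:
        raise ValueError("not an AJP13 Forward Request")
    pos = 6                                    # magic(2) + length(2) + prefix + method
    _, pos = read_string(pkt, pos)             # protocol
    _, pos = read_string(pkt, pos)             # req_uri
    addr, _ = read_string(pkt, pos)
    return addr

def valve_allows(allow, remote_addr):
    """Model of the allow list: comma-separated regexes, whole-string match."""
    patterns = [p.strip() for p in allow.split(",") if p.strip()]
    return any(re.fullmatch(p, remote_addr) for p in patterns)

PROXY_IP = "192.0.2.10"                        # constructed Apache front end
ALLOW = r"127\.0\.0\.1,192\.0\.2\.10"          # loopback plus the proxy, dots escaped

def check(client_ip):
    """Return (address the filter sees, whether the allow list admits it)."""
    seen = remote_addr_from_packet(build_forward_request(client_ip))
    return seen, valve_allows(ALLOW, seen)

if __name__ == "__main__":
    print(check("203.0.113.7"))   # browser behind the proxy
    print(check(PROXY_IP))        # request originating on the proxy host
```

In this model an unescaped dot in a pattern matches any character, so `127.0.0.1` also matches `127x0y0z1`.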
