On 11/15/2011 06:56 PM, Tim Watts wrote:
>> Perhaps an alternative that may work "good enough" would be to bind 8080
>> to localhost and 80 to a "public" IP address. Or, similarly, if the
>> machined is multi-homed bind each port to different addresses.
>> Presumably, you'd want the 8080 address to be on an address that doesn't
>> have a route to the Internet.
>>
>> See 'address' on /docs/config/http.html .
>>
>> All the apps will still be available on both ports but if you're
>> concerned about the public accessing 'manager' then putting it on an
>> address they can't reach would give you some measure of isolation.
>>
>> Of course, this also means *you* can't reach 'manager' from "outside"
>> either -- unless you tunnel in via ssh or something.
>>
>
> And of course, no need to use different ports if you're using different
> addresses. But I'm sure that light would have come on soon enough :-)
Eh. Unfortunately I have only one IP on the box, publicly visible. The
general idea was to protect manager app from 'the world'. But I managed
to set up Valve within the manager context that would block access to it
(manager) from all but the specified IPs.
Thank you both for your inputs, I actually just wanted to make sure I
can't do what I initially wanted :)
Mario
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
