You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/10/13 08:42:11 UTC
DO NOT REPLY [Bug 23759] New: -
allow web.xml security-constraint to restrict by request-origin-host or used-port
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23759>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23759
allow web.xml security-constraint to restrict by request-origin-host or used-port
Summary: allow web.xml security-constraint to restrict by
request-origin-host or used-port
Product: Tomcat 4
Version: 4.1.28
Platform: Other
URL: http://www.cafesoft.com/products/cams/tomcat-
security.html
OS/Version: Other
Status: NEW
Severity: Enhancement
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: hauser@acm.org
it would be great to be able to restrict access by port or origin host or to
have "Deny lists" as described in the above URL e.g.
to allow a cron-job (struts) action only be triggered from my server's LAN or
such that this particular action can only be triggered if the request to do so
comes in via a specified non-standard port that is not open on my firewall.
P.S.: Is there anywhere a comprehensive description of what can be done with
security-constraints?
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org