Web security accessing AXIS on Tomcat

["Carlos S. Zamudio" <cs...@msn.com>]

Hi.
I'm new to AXIS2 and Web Services in general. I've been able to get things
going with AXIS2 configured using Tomcat.  I've been able to build and run
the samples and have build some of my own now, running in my Intranet.  This
is great stuff.  
 
What is mystery to me, however, is how to ensure security when I make my web
services available over the Internet.  I have to open the Tomcat port in my
firewall, but then web users could stumble onto the Tomcat home page and the
AXIS2 home page.  Of course, both are protected by administrator passwords,
but is there a mechanism to inhibit the browsing of these pages without
affecting access to the web services?  I'm just not getting how this would
work and I didn't find any clues in the documentation.
 
Thanks.
Carlos