RE : Tomcat behind IIS

[VAN DER MARLIERE FREDERIC <fr...@cdn.fr>]

In fact, what I really want is to prevent any other IIS or Apache to connect
to my 8009 connector port, for my IIS machine is used for authentication. I
don't want that someone can bypass this. 

I tried to use a Request Filter valve by adding this in my server.xml :

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
       allow="ip_address_of_my_iis_server"/>


But it doesn't work. Even if my clients don't connect directly to my Tomcat
server (only my IIS server does, and i can verify this by using the netstat
command), they are blocked by this valve. It seems that my IIS tells Tomcat
that its IP adress is my client's one. Maybe that's why my clients IP
addresses are logged in Tomcat when this valve is disabled.


So now this valve is not enabled anymore, and if someone installs a web
connector pointing to my Tomcat server, it will have access to my webapps...



Any help will be appreciated.


Fred

-----Message d'origine-----
De : SANTOS, DANIEL (SBCSI) [mailto:ds7867@sbc.com] 
Envoyé : vendredi 18 mars 2005 18:22
À : Tomcat Users List
Cc : MAES NICOLAS
Objet : RE: Tomcat behind IIS


sure, just go into your server.xml and remove the web connector

   <Connector port="8080" />

I'm using the minimal server.xml (slightly modified) so there may be more
parameters in yours.  This element is contained with in the <Service> tag
which is in the <Server> tag.

Daniel

-----Original Message-----
From: VAN DER MARLIERE FREDERIC [mailto:frederic.van_der_marliere@cdn.fr] Sent: Friday, March 18, 2005 10:58 AM
To: tomcat-user@jakarta.apache.org
Cc: MAES NICOLAS
Subject: Tomcat behind IIS


Hi all,

I installed a tomcat 5.0 behind an IIS server. Everything works fine with
the connector.

Now, I would like that Tomcat only accepts connections from this IIS server
and not from others computers (still accessible from
http://myhost:8080/myApplication <http://myhost:8080/myApplication> ).

Is there a simple way to do this in server.xml (or other tomcat config
files) or do I have to install a firewall ?

Thanks in advance.
Fred.


----------------------------------------------------
Ce message et toutes les pieces jointes (ci-apres le "message") sont
confidentiels et etablis a l'intention exclusive de ses destinataires. Toute
utilisation ou diffusion non autorisee est interdite.Tout message
electronique est susceptible d'alteration. Le CREDIT DU NORD et ses filiales
declinent toute responsabilite au titre de ce message s'il a ete altere,
deforme ou falsifie. This message and any attachments ( the "message") are
confidential and intended solely for the addressees. Any unauthorised use or
dissemination is prohibited.E-mails are susceptible to alteration. Neither
CREDIT DU NORD nor any of its subsidiaries or affiliates shall be liable for
the message if altered, changed or falsified.
----------------------------------------------------



----------------------------------------------------
Ce message et toutes les pieces jointes (ci-apres le "message") sont confidentiels et etablis a l'intention exclusive de ses destinataires.
Toute utilisation ou diffusion non autorisee est interdite.Tout message electronique est susceptible d'alteration.
Le CREDIT DU NORD et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie.
This message and any attachments ( the "message") are confidential and intended solely for the addressees.
Any unauthorised use or dissemination is prohibited.E-mails are susceptible to alteration.
Neither CREDIT DU NORD nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified.
----------------------------------------------------


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org