You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Michael Hale <mh...@rolemodelsoft.com> on 2001/04/07 05:04:16 UTC
Security issues with tomcat-apache combo
Here is the situation:
I have some webapps that I would like to require password access to.
I can do this using the web.xml file if I only use tomcat.
The problem:
I need to have tomcat be a plugin to apache, but when I run them together
apache handles all requests that are not for jsp's or servlets. This
causes
all non jsp or servlet stuff to be unprotected.
Questions:
Is there a way to allow tomcat to handle all requests and still be
able to use the dynamically generated mod_jk.conf-auto file?
Is there another better way to setup coordinate security in tomcat+apache?
Thanks in advance,
Michael Hale
RoleModel Software (www.rolemodelsoft.com) - The XP Software Studio
mhale@rolemodelsoft.com
919.557.6352