Posted to users@tomcat.apache.org by VAN DER MARLIERE FREDERIC <fr...@cdn.fr> on 2005/03/21 14:50:56 UTC

RE : tomcat-user Digest 20 Mar 2005 16:09:13 -0000 Issue 5487

In fact, what I really want is to prevent any other IIS or Apache from connecting
to my 8009 connector port, for my IIS machine is used for authentication. I
don't want anyone to be able to bypass this.

I tried to use a Request Filter valve by adding this to my server.xml:

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
       allow="ip_address_of_my_iis_server"/>


But it doesn't work. Even if my clients don't connect directly to my Tomcat
server (only my IIS server does, and I can verify this by using the netstat
command), they are blocked by this valve. It seems that my IIS tells Tomcat
that its IP address is my client's one. Maybe that's why my clients' IP
addresses are logged in Tomcat when this valve is disabled.


So now this valve is not enabled anymore, and if someone installs a web
connector pointing to my Tomcat server, it will have access to my webapps...



Any help will be appreciated.


Fred


Re: RE : tomcat-user Digest 20 Mar 2005 16:09:13 -0000 Issue 5487

Posted by Jess Holle <je...@ptc.com>.
Isn't a firewall what you really want/need, i.e. to disallow connections 
to port 8009 except when they come from your IIS server?

VAN DER MARLIERE FREDERIC wrote:

>In fact, what I really want is to prevent any other IIS or Apache from connecting
>to my 8009 connector port, for my IIS machine is used for authentication. I
>don't want anyone to be able to bypass this.
>
>I tried to use a Request Filter valve by adding this to my server.xml:
>
><Valve className="org.apache.catalina.valves.RemoteAddrValve"
>       allow="ip_address_of_my_iis_server"/>
>
>
>But it doesn't work. Even if my clients don't connect directly to my Tomcat
>server (only my IIS server does, and I can verify this by using the netstat
>command), they are blocked by this valve. It seems that my IIS tells Tomcat
>that its IP address is my client's one. Maybe that's why my clients' IP
>addresses are logged in Tomcat when this valve is disabled.
>
>
>So now this valve is not enabled anymore, and if someone installs a web
>connector pointing to my Tomcat server, it will have access to my webapps...
>
>
>
>Any help will be appreciated.
>
>
>Fred
>
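
Added example, not part of either message above: a small parser for the leading fields of an AJP13 Forward Request, showing that the packet carries a remote_addr field filled in by the front-end web server, so an address check on the request sees the browser's address while only the TCP peer (what a firewall filters on) is the IIS machine. The addresses, the sample packet and valve_style_check (a simplified exact-match stand-in for an address valve, not Tomcat's code) are constructed for illustration.

```python
import struct

AJP_MAGIC = b"\x12\x34"      # prefix of web-server -> container packets
FORWARD_REQUEST = 0x02       # prefix code of a Forward Request

def _read_string(buf, pos):
    """AJP string: 2-byte big-endian length, the bytes, then a NUL terminator."""
    (length,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    if length == 0xFFFF:     # encoded null string, no payload
        return None, pos
    value = buf[pos:pos + length].decode("latin-1")
    return value, pos + length + 1

def parse_forward_request(packet):
    """Return the leading fixed fields of an AJP13 Forward Request."""
    if packet[:2] != AJP_MAGIC:
        raise ValueError("not an AJP13 request packet")
    (size,) = struct.unpack_from(">H", packet, 2)
    body = packet[4:4 + size]
    if not body or len(body) != size or body[0] != FORWARD_REQUEST:
        raise ValueError("truncated packet or not a Forward Request")
    pos = 2                  # skip the prefix code and the method byte
    fields = {}
    for name in ("protocol", "req_uri", "remote_addr", "remote_host", "server_name"):
        fields[name], pos = _read_string(body, pos)
    (fields["server_port"],) = struct.unpack_from(">H", body, pos)
    return fields

def valve_style_check(packet, allow):
    """Simplified address check: compares the forwarded remote_addr, not the TCP peer."""
    return parse_forward_request(packet)["remote_addr"] == allow

def _s(text):
    raw = text.encode("latin-1")
    return struct.pack(">H", len(raw)) + raw + b"\x00"

# Constructed sample: a request the IIS connector would send on behalf of a browser.
CLIENT_ADDR = "203.0.113.7"  # browser address (constructed)
IIS_ADDR = "192.0.2.10"      # TCP peer seen on port 8009 (constructed)
_body = (bytes([FORWARD_REQUEST, 0x02]) + _s("HTTP/1.1") + _s("/app/")
         + _s(CLIENT_ADDR) + _s("") + _s("www.example.test")
         + struct.pack(">H", 80) + b"\x00" + struct.pack(">H", 0) + b"\xff")
SAMPLE = AJP_MAGIC + struct.pack(">H", len(_body)) + _body

if __name__ == "__main__":
    print(parse_forward_request(SAMPLE), valve_style_check(SAMPLE, IIS_ADDR))
```
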