Posted to dev@tomcat.apache.org by GOMEZ Henri <hg...@slib.fr> on 2001/01/16 22:29:06 UTC

mod_jk ACL - next

Hi,

I'm busy these days and didn't have much time for ACL in mod_jk.
Before investing too much time, I just want to describe the plan:

1) Create stuff to handle InetMask à la hosts.allow / hosts.deny.
   Data initialized via config in server.xml

        From 3.2 server.xml

        <Connector className="org.apache.tomcat.service.PoolTcpConnector">
            <Parameter name="handler"
                       value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
            <Parameter name="port" value="8009"/>
            <Parameter name="deny" value="ALL"/>
            <Parameter name="allow" value="172.168.1.0/24"/>
            <Parameter name="allow" value="127.0.0.1"/>
        </Connector>

        After connection, ACL is checked and connection closed (and warned)
        if rules are not met
....

2) The ACL stuff could also be used in a Realm ? 

Thanks for more Lights ;-)
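
Added example, not part of the original post and not Tomcat or mod_jk code: a sketch in Java of the check the plan above describes, matching the peer address of a new AJP connection against the allow/deny values from the Connector. The class name AjpAclSketch, IPv4-only matching and the hosts.allow-style order (allow match first, then deny, otherwise accept) are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: hypothetical class, not part of Tomcat or mod_jk.
public class AjpAclSketch {
    /** One rule: an IPv4 network and its mask; "ALL" is treated as 0.0.0.0/0. */
    static final class InetMask {
        final int network, mask;
        InetMask(String rule) {
            String r = rule.trim().equalsIgnoreCase("ALL") ? "0.0.0.0/0" : rule.trim();
            int slash = r.indexOf('/');
            int bits = slash < 0 ? 32 : Integer.parseInt(r.substring(slash + 1));
            if (bits < 0 || bits > 32) throw new IllegalArgumentException("bad prefix: " + rule);
            mask = bits == 0 ? 0 : -1 << (32 - bits); // Java shifts are mod 32, so /0 is special-cased
            network = toInt(slash < 0 ? r : r.substring(0, slash)) & mask;
        }
        boolean matches(String peer) { return (toInt(peer) & mask) == network; }
    }

    // Strict dotted-quad parser: no DNS lookup, malformed input throws.
    static int toInt(String ip) {
        String[] p = ip.split("\\.", -1);
        if (p.length != 4) throw new IllegalArgumentException("not IPv4: " + ip);
        int v = 0;
        for (String s : p) {
            int o = Integer.parseInt(s);
            if (o < 0 || o > 255) throw new IllegalArgumentException("not IPv4: " + ip);
            v = (v << 8) | o;
        }
        return v;
    }

    final List<InetMask> allow = new ArrayList<>(), deny = new ArrayList<>();

    // Assumed hosts.allow / hosts.deny order: an allow match wins, then deny, else accept.
    boolean permits(String peer) {
        try {
            for (InetMask m : allow) if (m.matches(peer)) return true;
            for (InetMask m : deny) if (m.matches(peer)) return false;
            return true;
        } catch (IllegalArgumentException e) {
            return false; // unparseable peer address: fail closed
        }
    }

    public static void main(String[] args) {
        AjpAclSketch acl = new AjpAclSketch();
        acl.deny.add(new InetMask("ALL"));             // values from the Connector above
        acl.allow.add(new InetMask("172.168.1.0/24"));
        acl.allow.add(new InetMask("127.0.0.1"));
        for (String peer : new String[] {"127.0.0.1", "172.168.1.77", "172.168.2.5", "10.0.0.8"})
            System.out.println(peer + " -> " + (acl.permits(peer) ? "accept" : "close and log"));
    }
}
```

The peer strings in main are constructed sample addresses; in a connector the value would come from the accepted socket's remote address before any AJP packet is read.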


Re: mod_jk ACL - next

Posted by cm...@yahoo.com.
> >         <Connector className="org.apache.tomcat.service.PoolTcpConnector">
> >             <Parameter name="handler"
> >                        value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
> >             <Parameter name="port" value="8009"/>
> >             <Parameter name="deny" value="ALL"/>
> >             <Parameter name="allow" value="172.168.1.0/24"/>
> >             <Parameter name="allow" value="127.0.0.1"/>
> >         </Connector>
> >
> >         After connection, ACL is checked and connection closed (and warned)
> >         if rules are not met
> > ....
> >
> 
> Just out of curiosity, can't you use Apache's standard filtering directives in
> conjunction with MOD_JK?  Why do you need to implement it here as well?

The goal is to protect the Tomcat instance - the Apache directives are
protecting the Apache server.
(It is needed to prevent possible security problems.)


Costin


Re: mod_jk ACL - next

Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
GOMEZ Henri wrote:

> Hi,
>
> I'm busy these days and didn't have much time for ACL in mod_jk.
> Before investing too much time, I just want to describe the plan:
>
> 1) Create stuff to handle InetMask à la hosts.allow / hosts.deny.
>    Data initialized via config in server.xml
>
>         From 3.2 server.xml
>
>         <Connector className="org.apache.tomcat.service.PoolTcpConnector">
>             <Parameter name="handler"
>                        value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
>             <Parameter name="port" value="8009"/>
>             <Parameter name="deny" value="ALL"/>
>             <Parameter name="allow" value="172.168.1.0/24"/>
>             <Parameter name="allow" value="127.0.0.1"/>
>         </Connector>
>
>         After connection, ACL is checked and connection closed (and warned)
>         if rules are not met
> ....
>

Just out of curiosity, can't you use Apache's standard filtering directives in
conjunction with MOD_JK?  Why do you need to implement it here as well?

>
> 2) The ACL stuff could also be used in a Realm ?
>
> Thanks for more Lights ;-)
>

Craig