Posted to dev@tomcat.apache.org by GOMEZ Henri <hg...@slib.fr> on 2001/01/16 22:29:06 UTC
mod_jk ACL - next
Hi,
I'm busy these days and didn't have much time on ACL for mod_jk.
Before investing too much time, just want to describe the plan:
1) Create stuff to handle InetMask à la hosts.allow / hosts.deny.
Data initialized via config in server.xml
From 3.2 server.xml
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
               value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
    <Parameter name="port" value="8009"/>
    <Parameter name="deny" value="ALL"/>
    <Parameter name="allow" value="172.168.1.0/24"/>
    <Parameter name="allow" value="127.0.0.1"/>
</Connector>
After connection, ACL is checked and connection closed (and warned)
if rules are not met
....
2) The ACL stuff could also be used in a Realm ?
Thanks for more Lights ;-)
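
The check planned in the message above, sketched as an added example (not code from this thread or from Tomcat). The class InetMaskAcl, its method names, the IPv4-only handling and the evaluation order (a matching allow wins, then a matching deny rejects, as with hosts.allow / hosts.deny) are assumptions.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper, not Tomcat code: evaluates allow/deny values like those above.
public class InetMaskAcl {
    // One rule: "ALL", a single IPv4 address, or an IPv4 prefix such as 172.168.1.0/24.
    static final class Rule {
        final int network, mask;
        Rule(String spec) throws UnknownHostException {
            boolean all = spec.equalsIgnoreCase("ALL");
            String[] parts = spec.split("/", 2);
            int bits = all ? 0 : parts.length == 2 ? Integer.parseInt(parts[1]) : 32;
            if (bits < 0 || bits > 32) throw new IllegalArgumentException("bad prefix: " + spec);
            mask = bits == 0 ? 0 : -1 << (32 - bits); // a shift by 32 is a no-op in Java
            network = all ? 0 : toInt(InetAddress.getByName(parts[0])) & mask;
        }
        boolean matches(int addr) { return (addr & mask) == network; }
    }

    private final List<Rule> allowRules = new ArrayList<>();
    private final List<Rule> denyRules = new ArrayList<>();

    static int toInt(InetAddress a) {
        byte[] b = a.getAddress();
        if (b.length != 4) throw new IllegalArgumentException("IPv4 only: " + a);
        return (b[0] & 0xff) << 24 | (b[1] & 0xff) << 16 | (b[2] & 0xff) << 8 | (b[3] & 0xff);
    }
    void allow(String spec) throws UnknownHostException { allowRules.add(new Rule(spec)); }
    void deny(String spec) throws UnknownHostException { denyRules.add(new Rule(spec)); }

    // Assumed order: a matching allow wins, then a matching deny rejects, else permit.
    boolean permits(InetAddress peer) {
        if (peer.getAddress().length != 4) return false; // fail closed on non-IPv4 peers
        int addr = toInt(peer);
        for (Rule r : allowRules) if (r.matches(addr)) return true;
        for (Rule r : denyRules) if (r.matches(addr)) return false;
        return true;
    }
    public static void main(String[] args) throws UnknownHostException {
        InetMaskAcl acl = new InetMaskAcl();
        acl.deny("ALL");
        acl.allow("172.168.1.0/24");
        acl.allow("127.0.0.1");
        // Constructed peers; a connector would pass socket.getInetAddress() and close on false.
        for (String peer : new String[] {"127.0.0.1", "172.168.1.57", "172.168.2.1", "10.0.0.5"})
            System.out.println(peer + " -> " + (acl.permits(InetAddress.getByName(peer)) ? "accept" : "close and log"));
    }
}
```

Rules are written as address literals here because InetAddress.getByName resolves host names through DNS, which would make the ACL depend on the resolver.
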
Re: mod_jk ACL - next
Posted by cm...@yahoo.com.
> > <Connector className="org.apache.tomcat.service.PoolTcpConnector">
> > <Parameter name="handler"
> > value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
> > <Parameter name="port" value="8009"/>
> > <Parameter name="deny" value="ALL"/>
> > <Parameter name="allow" value="172.168.1.0/24"/>
> > <Parameter name="allow" value="127.0.0.1"/>
> > </Connector>
> >
> > After connection, ACL is checked and connection closed (and warned)
> > if rules are not met
> > ....
> >
>
> Just out of curiosity, can't you use Apache's standard filtering directives in
> conjunction with MOD_JK? Why do you need to implement it here as well?
The goal is to protect the tomcat instance - the apache directives are
protecting the apache server.
( it is needed to prevent possible security problems )
Costin
Re: mod_jk ACL - next
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
GOMEZ Henri wrote:
> Hi,
>
> I'm busy these days and didn't have much time on ACL for mod_jk.
> Before investing too much time, just want to describe the plan:
>
> 1) Create stuff to handle InetMask à la hosts.allow / hosts.deny.
> Data initialized via config in server.xml
>
> From 3.2 server.xml
>
> <Connector className="org.apache.tomcat.service.PoolTcpConnector">
> <Parameter name="handler"
> value="org.apache.tomcat.service.connector.Ajp13ConnectionHandler"/>
> <Parameter name="port" value="8009"/>
> <Parameter name="deny" value="ALL"/>
> <Parameter name="allow" value="172.168.1.0/24"/>
> <Parameter name="allow" value="127.0.0.1"/>
> </Connector>
>
> After connection, ACL is checked and connection closed (and warned)
> if rules are not met
> ....
>
Just out of curiosity, can't you use Apache's standard filtering directives in
conjunction with MOD_JK? Why do you need to implement it here as well?
>
> 2) The ACL stuff could also be used in a Realm ?
>
> Thanks for more Lights ;-)
>
Craig