You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by John Wallis <Jo...@urz.uni-hd.de> on 2003/09/19 07:55:55 UTC
Blocking html
Hi Folks,
I have a site that provides jsp/java pages only.
Problem is: people can visit my site (costing me money)
and gain access to the www (html pages).
I don't have any proxy settings in server.xml
How can I block this?
Thank You,
John Wallis
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Blocking html
Posted by Tim Funk <fu...@joedog.org>.
So people are using your server as a proxy server? Tomcat (AFAIK) does not
allow that from its base functionality. If so - that is a security flaw.
-Tim
John Wallis wrote:
> Hi users,
>
> The html pages are of the web and are not mine. My server somehow acts
> like a proxy giving my callers access to the web. I want to prevent this.
>
> In server.xml there are no proxyname/host settings --> ??
>
> Any suggestions
>
> Thank You
>
> John Wallis
>
> On Fri, 19 Sep 2003, Tim Funk wrote:
>
>
>>1) Delete the html pages
>>2) If the html pages are masked behind the html pages (via a forward on
>>include) - Move the pages somewhere under WEB-INF
>>3) There is an Valve for restrict requests by address - you might be able to
>>use or adapt that
>>
>>-Tim
>>
>>John Wallis wrote:
>>
>>>Hi Folks,
>>>
>>>I have a site that provides jsp/java pages only.
>>>
>>>Problem is: people can visit my site (costing me money)
>>>and gain access to the www (html pages).
>>>
>>>I don't have any proxy settings in server.xml
>>>How can I block this?
>>>
>>>Thank You,
>>>
>>> John Wallis
>>>
>>>
>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>
>
>
> ***********************************************
> * Dr. John Wallis *
> * *
> * SFB 359: Reaktive Stromungen, Diffusion *
> * und Transport *
> * Universität Heidelberg *
> * Im Neuenheimer Feld 294 *
> * 69120 Heidelberg *
> * *
> * Tel. : +49 6221 54 4986 *
> * Email: jwallis@ix.urz.uni-heidelberg.de *
> ***********************************************
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Blocking html
Posted by Tim Funk <fu...@joedog.org>.
So people are using your server as a proxy server? Tomcat (AFAIK) does not
allow that from its base functionality. If so - that is a security flaw.
-Tim
John Wallis wrote:
> Hi users,
>
> The html pages are of the web and are not mine. My server somehow acts
> like a proxy giving my callers access to the web. I want to prevent this.
>
> In server.xml there are no proxyname/host settings --> ??
>
> Any suggestions
>
> Thank You
>
> John Wallis
>
> On Fri, 19 Sep 2003, Tim Funk wrote:
>
>
>>1) Delete the html pages
>>2) If the html pages are masked behind the html pages (via a forward on
>>include) - Move the pages somewhere under WEB-INF
>>3) There is an Valve for restrict requests by address - you might be able to
>>use or adapt that
>>
>>-Tim
>>
>>John Wallis wrote:
>>
>>>Hi Folks,
>>>
>>>I have a site that provides jsp/java pages only.
>>>
>>>Problem is: people can visit my site (costing me money)
>>>and gain access to the www (html pages).
>>>
>>>I don't have any proxy settings in server.xml
>>>How can I block this?
>>>
>>>Thank You,
>>>
>>> John Wallis
>>>
>>>
>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>
>
>
> ***********************************************
> * Dr. John Wallis *
> * *
> * SFB 359: Reaktive Stromungen, Diffusion *
> * und Transport *
> * Universität Heidelberg *
> * Im Neuenheimer Feld 294 *
> * 69120 Heidelberg *
> * *
> * Tel. : +49 6221 54 4986 *
> * Email: jwallis@ix.urz.uni-heidelberg.de *
> ***********************************************
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
Re: Blocking html
Posted by John Wallis <Jo...@urz.uni-hd.de>.
Hi users,
The html pages are of the web and are not mine. My server somehow acts
like a proxy giving my callers access to the web. I want to prevent this.
In server.xml there are no proxyname/host settings --> ??
Any suggestions
Thank You
John Wallis
On Fri, 19 Sep 2003, Tim Funk wrote:
> 1) Delete the html pages
> 2) If the html pages are masked behind the html pages (via a forward on
> include) - Move the pages somewhere under WEB-INF
> 3) There is an Valve for restrict requests by address - you might be able to
> use or adapt that
>
> -Tim
>
> John Wallis wrote:
> > Hi Folks,
> >
> > I have a site that provides jsp/java pages only.
> >
> > Problem is: people can visit my site (costing me money)
> > and gain access to the www (html pages).
> >
> > I don't have any proxy settings in server.xml
> > How can I block this?
> >
> > Thank You,
> >
> > John Wallis
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
***********************************************
* Dr. John Wallis *
* *
* SFB 359: Reaktive Stromungen, Diffusion *
* und Transport *
* Universität Heidelberg *
* Im Neuenheimer Feld 294 *
* 69120 Heidelberg *
* *
* Tel. : +49 6221 54 4986 *
* Email: jwallis@ix.urz.uni-heidelberg.de *
***********************************************
Re: Blocking html
Posted by John Wallis <Jo...@urz.uni-hd.de>.
Hi users,
The html pages are of the web and are not mine. My server somehow acts
like a proxy giving my callers access to the web. I want to prevent this.
In server.xml there are no proxyname/host settings --> ??
Any suggestions
Thank You
John Wallis
On Fri, 19 Sep 2003, Tim Funk wrote:
> 1) Delete the html pages
> 2) If the html pages are masked behind the html pages (via a forward on
> include) - Move the pages somewhere under WEB-INF
> 3) There is an Valve for restrict requests by address - you might be able to
> use or adapt that
>
> -Tim
>
> John Wallis wrote:
> > Hi Folks,
> >
> > I have a site that provides jsp/java pages only.
> >
> > Problem is: people can visit my site (costing me money)
> > and gain access to the www (html pages).
> >
> > I don't have any proxy settings in server.xml
> > How can I block this?
> >
> > Thank You,
> >
> > John Wallis
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
***********************************************
* Dr. John Wallis *
* *
* SFB 359: Reaktive Stromungen, Diffusion *
* und Transport *
* Universität Heidelberg *
* Im Neuenheimer Feld 294 *
* 69120 Heidelberg *
* *
* Tel. : +49 6221 54 4986 *
* Email: jwallis@ix.urz.uni-heidelberg.de *
***********************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Blocking html
Posted by Tim Funk <fu...@joedog.org>.
1) Delete the html pages
2) If the html pages are masked behind the html pages (via a forward on
include) - Move the pages somewhere under WEB-INF
3) There is an Valve for restrict requests by address - you might be able to
use or adapt that
-Tim
John Wallis wrote:
> Hi Folks,
>
> I have a site that provides jsp/java pages only.
>
> Problem is: people can visit my site (costing me money)
> and gain access to the www (html pages).
>
> I don't have any proxy settings in server.xml
> How can I block this?
>
> Thank You,
>
> John Wallis
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Blocking html
Posted by Tim Funk <fu...@joedog.org>.
1) Delete the html pages
2) If the html pages are masked behind the html pages (via a forward on
include) - Move the pages somewhere under WEB-INF
3) There is an Valve for restrict requests by address - you might be able to
use or adapt that
-Tim
John Wallis wrote:
> Hi Folks,
>
> I have a site that provides jsp/java pages only.
>
> Problem is: people can visit my site (costing me money)
> and gain access to the www (html pages).
>
> I don't have any proxy settings in server.xml
> How can I block this?
>
> Thank You,
>
> John Wallis
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>