Posted to users@tomcat.apache.org by lrnobs <lr...@firstclasssolutions.net> on 2004/04/01 00:02:25 UTC

Re: How to filter out HTTP requests, or limit requests

Thanks Yoav and Mauricio.

Larry Nobs

----- Original Message -----
From: "Shapira, Yoav" <Yo...@mpi.com>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Wednesday, March 31, 2004 2:10 PM
Subject: RE: How to filter out HTTP requests, or limit requests


>
> Hi,
> You have several choices, although the default behavior isn't that bad.
> Your choices include:
>
> - Tomcat's RemoteAddr and RemoteHost valves
> (http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/valve.html)
>
> - A custom Servlet Filter you write to deny specific requests like
> root.exe/cmd.exe/default.ida.
>
> - Others but I have to run to a meeting ;)
>
>
> Yoav Shapira
> Millennium Research Informatics
>
>
> >-----Original Message-----
> >From: lrnobs [mailto:lrnobs@firstclasssolutions.net]
> >Sent: Wednesday, March 31, 2004 2:57 PM
> >To: Tomcat Users List
> >Subject: How to filter out HTTP requests, or limit requests
> >
> >I have a new web server running Tomcat and serving jsp pages on a RedHat9
> >box.
> >
> >I am new to web technologies and have been reviewing the access logs daily.
> >I find several attempts in the logs to run root.exe, cmd.exe, and various
> >scripts.  What I have seen so far appear to be attempts against IIS which I
> >am not running.  But with each request the server has to respond with 404
> >and 500 codes and reply traffic of various sizes.  I saw one posting on
> >Google where repeated requests for "default.ida" shut down the site because
> >of the reply traffic.
> >
> >I could find on Google that for Apache a file called htaccess could have
> >commands to trap requests but elsewhere it said that Tomcat doesn't use
> >htaccess, but I can't find what it does instead.
> >
> >So I am hoping Tomcat has a method to let me trap strings like "default.ida"
> >or "root.exe" and just drop them to a black hole before the server is
> >requested to service the request.
> >
> >I was also wondering if in the same method or another I could specifically
> >list html, jsp, and graphics that I will service and drop all others.
> >
> >Thanks,
> >
> >Larry Nobs
> >
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
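
The custom Servlet Filter suggested in the reply, combined with the allowlist of html, jsp and graphics asked about in the original question, could look like the following added example (not code from the thread or from Tomcat). The class name, the extension list and the choice of a body-less 404 are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: serve only allowlisted extensions, reject known probe names. */
public class RequestGateFilter implements Filter {
    // Assumed allowlist, standing in for the "html, jsp, and graphics" of the question.
    private static final Set<String> ALLOWED_EXT = new HashSet<String>(
            Arrays.asList("html", "jsp", "gif", "jpg", "png", "css"));
    // Probe file names quoted in the thread; already outside the allowlist, listed for clarity.
    private static final Set<String> DENIED_NAMES = new HashSet<String>(
            Arrays.asList("root.exe", "cmd.exe", "default.ida"));

    public void init(FilterConfig config) {}
    public void destroy() {}

    static boolean isAllowed(String uri) {
        String path = uri.toLowerCase(Locale.ROOT);
        int semi = path.indexOf(';');              // drop ;jsessionid=... path parameters
        if (semi >= 0) path = path.substring(0, semi);
        String name = path.substring(path.lastIndexOf('/') + 1);
        if (name.isEmpty()) return true;           // directory request, welcome file applies
        if (DENIED_NAMES.contains(name)) return false;
        int dot = name.lastIndexOf('.');           // no extension or unknown extension: refuse
        return dot >= 0 && ALLOWED_EXT.contains(name.substring(dot + 1));
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getRequestURI() is the undecoded path without the query string, so
        // percent-encoded variants of a name fail the allowlist instead of slipping through.
        if (isAllowed(((HttpServletRequest) req).getRequestURI())) {
            chain.doFilter(req, res);
        } else {
            // Status line only, no error-page body, to keep reply traffic small.
            ((HttpServletResponse) res).setStatus(HttpServletResponse.SC_NOT_FOUND);
        }
    }
}
```

The filter takes effect once it is declared in the web application's web.xml and mapped to `/*`; servlets mapped to extensionless URLs would need their paths added to the allowlist logic. On Tomcat 10 and later the imports are `jakarta.servlet` instead of `javax.servlet`.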