You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Dola Woolfe <do...@yahoo.com> on 2005/02/21 23:55:53 UTC
Tomcat: who is knocking on my door?
First, I'm sure this is documented so can anyone point
me to the documentation on how to determine the client
application.
Second, does Tomcat itself do anything different
depending on who's making the request. I sometimes
notice that IE's requests are fielded faster than
wget's requests.
Finally, is there a blanket way to prevent wget
requests?
Many thanks in advacne!
Dola
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Tomcat: who is knocking on my door?
Posted by QM <qm...@brandxdev.net>.
On Mon, Feb 21, 2005 at 02:55:53PM -0800, Dola Woolfe wrote:
: First, I'm sure this is documented so can anyone point
: me to the documentation on how to determine the client
: application.
Check for the "User-Agent" header.
(I may have made a typo on the name, but if you iterate through the
headers you'll see it right away)
: Second, does Tomcat itself do anything different
: depending on who's making the request. I sometimes
: notice that IE's requests are fielded faster than
: wget's requests.
It shouldn't -- perhaps there's something different about how wget makes
its requests?
: Finally, is there a blanket way to prevent wget
: requests?
Yes and no:
yes - use a Servlet Filter that refuses requests based on the User-Agent
header.
yes - employ user authentication. If the offending clients are coming
from off-site, adjust your network topology such that the app in
question is only available from the inside (proactive), or block the
offending IPs using a firewall (reactive).
no - if the user changes the User-Agent header from wget. IIRC wget has
a switch for this; and if not, the source is wide-open.
Note that user auth/firewall/etc are the solid solutions. There are
myriad non-browser clients out there besides wget, and you'll have a
devil of a time fending the all off.
-QM
--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Tomcat: who is knocking on my door?
Posted by Michael Greer <mi...@earthlink.net>.
Front it with apache and restrict access by user agent.
-Michael Greer
On Feb 21, 2005, at 5:55 PM, Dola Woolfe wrote:
> First, I'm sure this is documented so can anyone point
> me to the documentation on how to determine the client
> application.
>
> Second, does Tomcat itself do anything different
> depending on who's making the request. I sometimes
> notice that IE's requests are fielded faster than
> wget's requests.
>
> Finally, is there a blanket way to prevent wget
> requests?
>
> Many thanks in advacne!
>
> Dola
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org