Bill Barker wrote:
...
Which gives a third option to the OP, which is to use the useIPVHosts="true"
option on the <Connector ... />, and only configure <Host .../>s for the
ones that he wants to allow to connect (and the default Host just returns
404 to every request).
Yes, that possibility was kind of nagging at me since the beginning.
This would also be valid for all protocols and all Connectors, wouldn't it ?
<Host name="defaultHost" ........>
... always returns 404
</Host>
<Host name="allowedHosts" ....>
<Alias>name-of-allowed-proxy-1</Alias>
<Alias>name-of-allowed-proxy-2</Alias>
<Alias>name-of-allowed-proxy-3</Alias)
...
</Host>
It is not really secure yet, but incrementally harder to fake than a
secret or a header. And it does not require any change of configuration
at the proxy server level.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
