li...@cgi-net.ch wrote:
Hi List,
I'm running mod_jk on a apache 2.2.14 connecting to a second host, running
tomcat 5 server with a third party application.
This application is configured to display some company internal
information when accessing the page directly without any subdirectory:
like: http://<servername>/
A second application part is located under address
http://<servername>/application -> please note, this is not a directory,
this is a servlet-mapping made by tomcat (and we can't change the tomcat
setup as we would loose support for it)
My problem is now, that I only what to grant access to
http://<servername>/application for external customers through the apache
mod_jk setup.
But of some reason do I have trouble implementing this.
The stuff only works if I configure mod_jk to JkMount /* - but with that,
also the page ttp://<servername>/ is access-able.
I've also tried it with Rewrite rules (to make sure everything else than
http://<servername/application is redirected to this address), etc. but
nothing was/is working.
Apart from the help Rainer is giving you, I have a suggestion about your setup.
But first a question : you seem to be proxying just about everything from Apache httpd to
Tomcat. Do you need Apache httpd then ? why not just have Tomcat listen on port 80 and
handle everything itself ?
If you have some reason anyway to have Apachje httpd in front, then here is the
suggestion :
- remove all JkMount directives.
- instead, configure Apache httpd as follows :
<Location />
# here is the stuff that you want only internal users to see.
# Let's say that all these users have IP addresses in the 192.168.* range
Order Allow,Deny
Allow from 192.168.0.0/16
Deny from all
# the following is the same as a "JkMount *" for everything in this location
SetHandler jakarta-servlet
... any other Apache directives ..
</Location>
<Location /application>
# This is the stuff that everyone can see, so we override the above for this
location
Order Allow,Deny
Allow from all
# the following is the same as a "JkMount *" for everything in this location
SetHandler jakarta-servlet
.. any other Apache directives ..
</Location>
That's it.
Instead of the allow/deny stuff above, you can use any Apache-level
authentication/authorization/access control you want, inside of each Location.
AAA will happen *before* the call is forwarded to Tomcat.
You can also exclude some URLs inside each location, from being forwarded by mod_jk to
Tomcat, by using something like
SetEnvIf REQUEST_URI "\.(css|gif|jpg|js)$" no-jk
for example, to have all your images, stylesheets, javascript,.. served directly by Apache
(if you want, and if it makes sense in your context).
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
