network guru, but I'd imagine that that the primary address is the
first choice, if all the addresses can get to the destination host. I
definitely know that the IP the apache vhost is listening on will have
nothing to do with the connection to JRun.
If you want to control access to the app servers, tier your cluster.
Firewalls are dual-homed, one interface to the internet, one interface
to private network #1. web servers are dual homed, one interface to
private network #1 (with the firewalls), one to private network #2.
app servers are dual homed, one to private network #2 (with the web
servers), and one to private network #3. db servers are single-homed,
with a connection to private network #3 (with the app servers).
Set it up like that, and the only way someone can access your JRun
servers is a physical connection to the private network, which means
either they broke into your rack or they've taken control of one of
your web servers.
If you want to go nuts, you'll put load balancing firewalls in each
private network as well.
cheers,
barneyb
On Tue, 03 Aug 2004 16:01:57 -0400, Troy Simpson <[EMAIL PROTECTED]> wrote:
> Well I was trying to restrict which host could make request to this JRun
> Instance with the interface attribute in the jrun.xml file. But the
> connector did not use the IP Address I thought it was going to use.
>
> I thought the Apache connector was going to use IP Address 10.1.79.83
> but it used IP Address 10.1.79.111.
>
> I was wondering why it chose 10.1.79.111 over 10.1.79.83?
>
> Troy
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
