On Apr 7, 2007, at 12:08 PM, Mark H. Wood wrote:

> On Fri, Apr 06, 2007 at 12:07:44PM -0400, Cory Snavely wrote:
>> For folks listening in with interest, we also use NAT port forwarding to
>> get around the requirement for mod_jk, but FWIW I haven't determined a
>> way to close the incoming *actual* Tomcat ports (8080/8443).
>
> Just don't open them. In [tomcat]conf/server.xml comment out the
> Connector with 'port="8080"' and leave commented the one with
> 'port="8443"'. You should then only be running AJP 1.3 on 8009 and
> the shutdown port on localhost:8005. If you want to limit AJP to the
> local host, you can add 'address="127.0.0.1"' to the AJP Connector.
>
> --
> Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
> Typically when a software vendor says that a product is "intuitive" he
> means the exact opposite.
MarkW,

This would only be the case if they were using mod_jk/Apache. But they are trying to use NAT/port forwarding, and this means those Tomcat ports are what are getting forwarded to. I'd say the quickest solution is to just block those ports from external requests in the NAT/firewall configuration.

-Mark Diggory

~~~~~~~~~~~~~
Mark R. Diggory - DSpace Systems Manager
MIT Libraries, Systems and Technology Services
Massachusetts Institute of Technology
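
An added example, not part of either message above: a small Python check that lists the active Connectors in a server.xml and flags those not bound to the local host, which are the ports a NAT/firewall rule would still have to cover. The sample server.xml is constructed, the function names are hypothetical, and a Connector with no address attribute is assumed to listen on all interfaces.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml: 8080 left active, 8443 commented out,
# AJP bound to loopback as suggested in the thread.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxThreads="150" />
    <!-- <Connector port="8443" scheme="https" secure="true" /> -->
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" />
  </Service>
</Server>"""


def is_loopback(address):
    """True if the Connector's address attribute limits it to the local host."""
    if address is None:
        # Assumption: no address attribute means all interfaces (conservative).
        return False
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:  # a hostname we cannot classify: treat as exposed
        return False


def audit_connectors(server_xml):
    """Return (port, protocol, address, exposed) for each active Connector."""
    findings = []
    # Commented-out Connectors are XML comments, so iter() never sees them.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        address = conn.get("address")
        findings.append((int(conn.get("port")), conn.get("protocol", "HTTP/1.1"),
                         address or "*", not is_loopback(address)))
    return findings


def exposed_ports(server_xml):
    """Ports that still need a firewall rule or an address= attribute."""
    return sorted(p for p, _, _, exposed in audit_connectors(server_xml) if exposed)


if __name__ == "__main__":
    for port, proto, addr, exposed in audit_connectors(SAMPLE_SERVER_XML):
        status = "EXPOSED" if exposed else "local only"
        print(f"{port:>5} {proto:<9} {addr:<10} {status}")
```

With NAT port forwarding in front of Tomcat, every port this reports as exposed is reachable directly unless the firewall drops external requests to it.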

