RE : Tomcat behind IIS
In fact, what I really want is to prevent any other IIS or Apache to connect to my 8009 connector port, for my IIS machine is used for authentication. I don't want that someone can bypass this. I tried to use a Request Filter valve by adding this in my server.xml : Valve className=org.apache.catalina.valves.RemoteAddrValve allow=ip_address_of_my_iis_server/ But it doesn't work. Even if my clients don't connect directly to my Tomcat server (only my IIS server does, and i can verify this by using the netstat command), they are blocked by this valve. It seems that my IIS tells Tomcat that its IP adress is my client's one. Maybe that's why my clients IP addresses are logged in Tomcat when this valve is disabled. So now this valve is not enabled anymore, and if someone installs a web connector pointing to my Tomcat server, it will have access to my webapps... Any help will be appreciated. Fred -Message d'origine- De : SANTOS, DANIEL (SBCSI) [mailto:[EMAIL PROTECTED] Envoyé : vendredi 18 mars 2005 18:22 À : Tomcat Users List Cc : MAES NICOLAS Objet : RE: Tomcat behind IIS sure, just go into your server.xml and remove the web connector Connector port=8080 / I'm using the minimal server.xml (slightly modified) so there may be more parameters in yours. This element is contained with in the Service tag which is in the Server tag. Daniel -Original Message- From: VAN DER MARLIERE FREDERIC [mailto:[EMAIL PROTECTED] Sent: Friday, March 18, 2005 10:58 AM To: tomcat-user@jakarta.apache.org Cc: MAES NICOLAS Subject: Tomcat behind IIS Hi all, I installed a tomcat 5.0 behind an IIS server. Everything works fine with the connector. Now, I would like that Tomcat only accepts connections from this IIS server and not from others computers (still accessible from http://myhost:8080/myApplication http://myhost:8080/myApplication ). Is there a simple way to do this in server.xml (or other tomcat config files) or do I have to install a firewall ? Thanks in advance. Fred. Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et etablis a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite.Tout message electronique est susceptible d'alteration. Le CREDIT DU NORD et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie. This message and any attachments ( the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited.E-mails are susceptible to alteration. Neither CREDIT DU NORD nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et etablis a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite.Tout message electronique est susceptible d'alteration. Le CREDIT DU NORD et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie. This message and any attachments ( the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited.E-mails are susceptible to alteration. Neither CREDIT DU NORD nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: RE : Tomcat behind IIS
Why not try blocking traffic at the router level? Your network router should allow you to configure which machine can connect to your tomcat. - Jim -Original Message- From: VAN DER MARLIERE FREDERIC [mailto:[EMAIL PROTECTED] Sent: Monday, March 21, 2005 5:36 PM To: SANTOS, DANIEL (SBCSI); Tomcat Users List Cc: MAES NICOLAS Subject: RE : Tomcat behind IIS In fact, what I really want is to prevent any other IIS or Apache to connect to my 8009 connector port, for my IIS machine is used for authentication. I don't want that someone can bypass this. I tried to use a Request Filter valve by adding this in my server.xml : Valve className=org.apache.catalina.valves.RemoteAddrValve allow=ip_address_of_my_iis_server/ But it doesn't work. Even if my clients don't connect directly to my Tomcat server (only my IIS server does, and i can verify this by using the netstat command), they are blocked by this valve. It seems that my IIS tells Tomcat that its IP adress is my client's one. Maybe that's why my clients IP addresses are logged in Tomcat when this valve is disabled. So now this valve is not enabled anymore, and if someone installs a web connector pointing to my Tomcat server, it will have access to my webapps... Any help will be appreciated. Fred -Message d'origine- De : SANTOS, DANIEL (SBCSI) [mailto:[EMAIL PROTECTED] Envoyé : vendredi 18 mars 2005 18:22 À : Tomcat Users List Cc : MAES NICOLAS Objet : RE: Tomcat behind IIS sure, just go into your server.xml and remove the web connector Connector port=8080 / I'm using the minimal server.xml (slightly modified) so there may be more parameters in yours. This element is contained with in the Service tag which is in the Server tag. Daniel -Original Message- From: VAN DER MARLIERE FREDERIC [mailto:[EMAIL PROTECTED] Sent: Friday, March 18, 2005 10:58 AM To: tomcat-user@jakarta.apache.org Cc: MAES NICOLAS Subject: Tomcat behind IIS Hi all, I installed a tomcat 5.0 behind an IIS server. Everything works fine with the connector. Now, I would like that Tomcat only accepts connections from this IIS server and not from others computers (still accessible from http://myhost:8080/myApplication http://myhost:8080/myApplication ). Is there a simple way to do this in server.xml (or other tomcat config files) or do I have to install a firewall ? Thanks in advance. Fred. Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et etablis a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite.Tout message electronique est susceptible d'alteration. Le CREDIT DU NORD et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie. This message and any attachments ( the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited.E-mails are susceptible to alteration. Neither CREDIT DU NORD nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et etablis a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite.Tout message electronique est susceptible d'alteration. Le CREDIT DU NORD et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie. This message and any attachments ( the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited.E-mails are susceptible to alteration. Neither CREDIT DU NORD nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. The information in this email is confidential and is intended solely for the addressee(s). Access to this email by anyone else is unauthorized. If you are not an intended recipient, please notify the sender of this email immediately. You should not copy, use or disseminate the information contained in the email. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Capco. http://www.capco.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat behind IIS
sure, just go into your server.xml and remove the web connector Connector port=8080 / I'm using the minimal server.xml (slightly modified) so there may be more parameters in yours. This element is contained with in the Service tag which is in the Server tag. Daniel -Original Message- From: VAN DER MARLIERE FREDERIC [mailto:[EMAIL PROTECTED] Sent: Friday, March 18, 2005 10:58 AM To: tomcat-user@jakarta.apache.org Cc: MAES NICOLAS Subject: Tomcat behind IIS Hi all, I installed a tomcat 5.0 behind an IIS server. Everything works fine with the connector. Now, I would like that Tomcat only accepts connections from this IIS server and not from others computers (still accessible from http://myhost:8080/myApplication http://myhost:8080/myApplication ). Is there a simple way to do this in server.xml (or other tomcat config files) or do I have to install a firewall ? Thanks in advance. Fred. Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et etablis a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite.Tout message electronique est susceptible d'alteration. Le CREDIT DU NORD et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie. This message and any attachments ( the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited.E-mails are susceptible to alteration. Neither CREDIT DU NORD nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
