Hi I am in the process developing a web application firewall(WAF) for tomcat similar to what mod security does, and am planning to use the filter API already present in tomcat to intercept requests and do the filtering. While going through the documentation for filters and several examples, I see that there already exist many filters already present as part of tomcat (e.g. CSRF filter). I had a few doubts/questions regarding this. I hope someone can help shed light on these. 1. If I were to include a new filter using org.apache.catalina.filters.FilterBase , do I have to build tomcat to make use of the filter functionality or is it possible to do so without building it? 2. Have their been prior attempts at developing a WAF for tomcat?
Thanks, Varrun --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
