RE: Help with manager app
Shane, In this application, Tomcat is the sole server running on the machine. I have Apache running on another machine to serve basic web pages, but the two are not connected at all. The Apache/web/server listens on port 80, while the Tomcat/servlet/server listens on 443 (https). That separation keeps things clean and simple. I went this route about 2 years ago after load testing showed the Apache server was using significant CPU cycles (when both were on the same machine). So, whether for good or bad, Tomcat is solely responsible for it's fate. Cheers, -Richard I am by no means a network configuration specialist, so take what I say with a grain of salt :) You havn't mentioned how Tomcat is accessed from the internet, such as do you have a Apache or IIS, server acting as a proxy/redirector to tomcat, or whether tomcat itself is internet facing. If you have a separate web server infront of tomcat, then the web server only needs to be configured with the URI's to pass through to tomcat for your web application AND NOT specify those URIs for the manager app. That way you can access the manager app from the internal network by directly going to tomcat, but the external internet users will never be able to access it, because no path exists to it for them. If however you tomcat is internet facing (not an option I would recommend) then I wouldn't know how you should properly deal with that. At least have a good password :) Regards, Shane -Orig - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with manager app
Doug, I checked both the admin web.xml and the manager web.xml, and I do have a valve in them, restricting access to localhost plus the internal web. It is entirely possible that I am mistaken - what I thought was external access was in fact a router being intelligent. I will have to test more to see if there is a real external connection. Thanks, -Richard Richard, Use a remote address valve. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/valve.html Set it up for allow and the IP ranges you want to get in. Doug www.parsonstechnical.com - Original Message - From: Richard S. Huntrods [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 1:41 AM Subject: Help with manager app I have a rather urgent problem. I have been using tomcat for several years now, and normally weather the upgrades with some few problems, but nothing serious - until now. My problem - in the old Tomcat, I used the manager application to monitor the number of users accessing the system. In the old version, I had it set up so that external requests could NOT see the manager, ever. Now, under the new Tomcat, the manager app has changed. Today I also noticed that it is also available to the internet. How do I restrict access to the manager application to the local network - i.e. how do I turn off internet access to the manager app? Thanks in advance, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with manager app
I am by no means a network configuration specialist, so take what I say with a grain of salt :) You havn't mentioned how Tomcat is accessed from the internet, such as do you have a Apache or IIS, server acting as a proxy/redirector to tomcat, or whether tomcat itself is internet facing. If you have a separate web server infront of tomcat, then the web server only needs to be configured with the URI's to pass through to tomcat for your web application AND NOT specify those URIs for the manager app. That way you can access the manager app from the internal network by directly going to tomcat, but the external internet users will never be able to access it, because no path exists to it for them. If however you tomcat is internet facing (not an option I would recommend) then I wouldn't know how you should properly deal with that. At least have a good password :) Regards, Shane -Original Message- From: Richard S. Huntrods [mailto:[EMAIL PROTECTED] Sent: Tuesday, 4 May 2004 1:41 PM To: [EMAIL PROTECTED] Subject: Help with manager app I have a rather urgent problem. I have been using tomcat for several years now, and normally weather the upgrades with some few problems, but nothing serious - until now. My problem - in the old Tomcat, I used the manager application to monitor the number of users accessing the system. In the old version, I had it set up so that external requests could NOT see the manager, ever. Now, under the new Tomcat, the manager app has changed. Today I also noticed that it is also available to the internet. How do I restrict access to the manager application to the local network - i.e. how do I turn off internet access to the manager app? Thanks in advance, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with manager app
Richard, Use a remote address valve. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/valve.html Set it up for allow and the IP ranges you want to get in. Doug www.parsonstechnical.com - Original Message - From: Richard S. Huntrods [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 1:41 AM Subject: Help with manager app I have a rather urgent problem. I have been using tomcat for several years now, and normally weather the upgrades with some few problems, but nothing serious - until now. My problem - in the old Tomcat, I used the manager application to monitor the number of users accessing the system. In the old version, I had it set up so that external requests could NOT see the manager, ever. Now, under the new Tomcat, the manager app has changed. Today I also noticed that it is also available to the internet. How do I restrict access to the manager application to the local network - i.e. how do I turn off internet access to the manager app? Thanks in advance, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]