Re: Tomcat - Manager Functions without the Manager?
Thanks, Craig - this is exactly what I was looking for.

Cheers,
-Richard

--
To unsubscribe: mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]
Tomcat - Manager Functions without the Manager?
Greetings!

For security purposes, my tomcat server is behind a firewall, with the firewall forwarding port 8080 requests to the server (as port 8080). All works very well. FTP and Telnet are blocked by the firewall as well. Only port 80 (another machine running Apache to serve a web site) and port 8080 are open on this firewall.

Also for security, I have removed the original webapps directory and replaced it with my own webapps directory with just my servlets and such in it. Again, all works very, very well.

NOW - I would like to track who is currently using the system. Apache is not running - only Tomcat. Rather than try to track users internally with my servlets, I would like to be able to use the Tomcat manager functions to do this.

Is there a way to use manager functions without the original webapps/manager directory - i.e. ONLY from behind the firewall, perhaps even only when logged on to the server as root? My understanding is that if I put the manager directory back, then it is open to the world (password protection is rarely enough, I've found).

Thanks in advance,
-Richard
RE: Tomcat - Manager Functions without the Manager?
I don't know if this is allowed or not, but you can try changing the context path from /manager to /somethingelse. It should work as manager is just another context. And then you can create a filter to restrict requesting ip addresses.

Charlie
Re: Tomcat - Manager Functions without the Manager?
On Thu, 20 Dec 2001, Richard S. Huntrods wrote:

> Date: Thu, 20 Dec 2001 09:23:11 -0700
> From: Richard S. Huntrods [EMAIL PROTECTED]
> Reply-To: Tomcat Users List [EMAIL PROTECTED]
> To: [EMAIL PROTECTED] [EMAIL PROTECTED]
> Subject: Tomcat - Manager Functions without the Manager?
>
> Greetings!
>
> For security purposes, my tomcat server is behind a firewall, with the firewall forwarding port 8080 requests to the server (as port 8080). All works very well. FTP and Telnet are blocked by the firewall as well. Only port 80 (another machine running Apache to serve a web site) and port 8080 are open on this firewall.
>
> Also for security, I have removed the original webapps directory and replaced it with my own webapps directory with just my servlets and such in it. Again, all works very, very well.
>
> NOW - I would like to track who is currently using the system. Apache is not running - only Tomcat. Rather than try to track users internally with my servlets, I would like to be able to use the Tomcat manager functions to do this.
>
> Is there a way to use manager functions without the original webapps/manager directory - i.e. ONLY from behind the firewall, perhaps even only when logged on to the server as root? My understanding is that if I put the manager directory back, then it is open to the world (password protection is rarely enough, I've found).

The manager app doesn't really track users -- it only tells you how many active sessions there are. However, it's possible to set up this app (or any other) in a manner that makes it available only inside the firewall. It works like this:

* Add the manager webapp's subdirectory back in to your webapps directory.

* Add a Context element in server.xml that includes a request filter preventing access to the manager webapp from anywhere *other* than inside the firewall:

    <Context path="/manager" docBase="manager">
      <!-- RemoteAddrValve takes its pattern in the "allow" attribute -->
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="xxx.xxx.xxx.xxx"/>
    </Context>

  where xxx.xxx.xxx.xxx is the IP address (or a regular expression pattern) that must match in order for this request to succeed.

* This filter will accept *only* requests that match the accept pattern, so any outside-the-firewall attempt will fail (even if they know the right username and password).

More information is in the Server Configuration Reference documentation that ships with Tomcat.

> Thanks in advance,
> -Richard

Craig
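Because the valve's pattern is a regular expression, a candidate value is worth checking against known addresses before it goes into server.xml. The following is an added example, not part of the original thread: the addresses, the forwarder address and the function names are constructed for illustration, and since it does not assume whether the valve matches the whole address or a substring, it checks both.

```python
import re

# Constructed sample addresses, as Tomcat would see them on the socket.
ADMIN_HOSTS = ["192.168.1.10", "192.168.1.25"]            # must be admitted
OTHER_HOSTS = ["203.0.113.7", "192.168.1.100",            # must be rejected
               "192.168.111.5", "1.192.168.111"]
# Assumed inner address of the port-forwarding firewall. If the firewall
# rewrites source addresses, every outside client arrives as this address.
FORWARDER = "192.168.1.1"


def admitted(pattern, addr, whole_string):
    """Apply one allow pattern to one address under the given semantics."""
    rx = re.compile(pattern)
    return bool(rx.fullmatch(addr) if whole_string else rx.search(addr))


def audit(pattern, must_allow=ADMIN_HOSTS, must_deny=OTHER_HOSTS + [FORWARDER]):
    """Return sorted findings; an empty list means the pattern is tight.

    Whole-string and substring matching are both checked, so a clean
    result holds whichever of the two the valve applies.
    """
    findings = set()
    for whole in (True, False):
        mode = "whole-string" if whole else "substring"
        for addr in must_allow:
            if not admitted(pattern, addr, whole):
                findings.add(f"{mode}: rejects admin host {addr}")
        for addr in must_deny:
            if admitted(pattern, addr, whole):
                findings.add(f"{mode}: admits {addr}")
    return sorted(findings)


if __name__ == "__main__":
    candidates = [
        r"192.168.1.1",               # literal address: dots unescaped, no anchors
        r"^192\.168\.1\.\d{1,3}$",    # whole inside subnet, forwarder included
        r"^192\.168\.1\.(10|25)$",    # only the two admin hosts
    ]
    for candidate in candidates:
        print(candidate, "->", audit(candidate) or "ok")
```

The forwarder entry matters in the setup described in the thread: if the firewall rewrites source addresses when it forwards port 8080, Tomcat sees every outside client as the firewall's inner address, so a subnet-wide pattern admits them all.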