Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Zak Mc Kracken
Gregor Schneider wrote: you've been asking the valve-stuff because you want to limit the access to requests coming from localhost only? Yep! why then not make tomcat listen on localhost only? configuration for that's a walk in the park... My Tomcat is serving a number of webapps, I want

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Gregor Schneider
On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken zakmc...@yahoo.it wrote: Gregor Schneider wrote: you've been asking the valve-stuff because you want to limit the access to requests coming from localhost only? Yep! why then not make tomcat listen on localhost only? configuration for that's

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Zak Mc Kracken
Thanks Gregor, that's very interesting for production environments. I'll try it. Cheers. M. Gregor Schneider wrote: On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken zakmc...@yahoo.it wrote: Gregor Schneider wrote: you've been asking the valve-stuff because you want to limit the access to

RE: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Caldarale, Charles R
From: Gregor Schneider [mailto:rc4...@googlemail.com] Subject: Re: RemoteAddrValve and RemoteHostValve Have you ever thought about fronting Tomcat with Apache HTTPD, then connecting it via mod_jk? Are you serious? You want to add complexity and overhead just to control access to one webapp

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Gregor Schneider
Hi Chuck, On Mon, Mar 2, 2009 at 3:07 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: Since a working Valve setup was already provided, why not just use that? Ehem - was it? I understood that there was one open issue that Zac needed to combine a hostname and IP-address - which was not

RE: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Caldarale, Charles R
From: Gregor Schneider [mailto:rc4...@googlemail.com] Subject: Re: RemoteAddrValve and RemoteHostValve I understood that there was one open issue that Zac needed to combine a hostname and IP-address Early in the thread, someone pointed out that there's never any need to specify a host name

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Christopher Schultz
Zak, On 2/27/2009 9:28 PM, Zak Mc Kracken wrote: I'd like to filter incoming requests with this criterion: if it's www.somewhere.com - OK else if it's 1.2.3.4 - OK else - KO You could always use our favorite urlrewrite tool:

Re: RemoteAddrValve and RemoteHostValve

2009-03-01 Thread Zak Mc Kracken
Thanks again. André Warnier wrote: It would in my view make a lot more sense to have a single Remote Access Valve to which one could specify, in allow or deny, a hostname AND/OR an IP address expression. Like Valve className=x allow=localhost,www.mydomain.com,192\.168\.1

Re: RemoteAddrValve and RemoteHostValve

2009-03-01 Thread Zak Mc Kracken
Gregor wrote: marc, do i understand you correctly that you only want to accept requests from localhost? I have a Java web application that computes some data from an existing Java-based infrastructure and outputs it as simple plain text. The output is intended to be consumed by other PHP

Re: RemoteAddrValve and RemoteHostValve

2009-03-01 Thread Gregor Schneider
On Sun, Mar 1, 2009 at 6:05 PM, Zak Mc Kracken zakmc...@yahoo.it wrote: Yes, but localhost-only is simpler in my case. ehem, still not sure if i got you right: you've been asking the valve-stuff because you want to limit the access to requests coming from localhost only? why then not make

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Gregor Schneider
What in the documentation (http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html) is the part you don't understand? Rgds Gregor -- just because you're paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Zak Mc Kracken
Gregor Schneider wrote: What in the documentation (http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html) is the part you don't understand? Thanks for replying. Maybe it's me, but what I gather from the documentation is that it's not possible to combine the two filters as I want, i.e.:

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread André Warnier
Zak Mc Kracken wrote: [...] Let's try this another way. You want to allow requests from either www.somewhere.com, or one or more IP addresses, and block all the rest. First, filtering requests on the basis of a DNS hostname is expensive: it forces Tomcat to do a reverse DNS lookup. That

RE: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Caldarale, Charles R
From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: RemoteAddrValve and RemoteHostValve What I'm getting at, is that if you want to accept requests from www.somewhere.com It's not clear to me whether the OP wants to check the origin or the destination; the original description

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Zak Mc Kracken
Thank you all for replies and detailed explanation. Now I understand what's happening. My specific problem is to restrict a single web application to clients coming from localhost only. This was not working (everything blocked): Context Valve

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread André Warnier
Zak Mc Kracken wrote: ..., although it seems to imply that RemoteHostValve should be avoided (isn't DNS reverse lookup cached?) Well, I suppose it probably is, at some level. At the level of the Remote Host Valve possibly, if the designers thought about it, or else at some underlying level.

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Gregor
marc, do i understand you correctly that you only want to accept requests from localhost? next: wouldn't authorization solve your problem? rgds gregor On 28.02.2009 at 19:14, Zak Mc Kracken zakmc...@yahoo.it wrote: Thank you all for replies and detailed explanation. Now I understand

Re: RemoteAddrValve and RemoteHostValve

2009-02-27 Thread Robert Koberg
On Feb 27, 2009, at 9:28 PM, Zak Mc Kracken wrote: Hi all, I'd like to filter incoming requests with this criterion: if it's www.somewhere.com - OK else if it's 1.2.3.4 - OK else - KO Is it possible to do that by combining RemoteHostValve and RemoteAddrValve? How? I simply tried to write