Réf. : RE: Filtering the apache clients

2008-01-21 Thread jean-louis . mateo 

Hello,

thank you Chuck, Ben and all at this list for your responses

I think I'll try the apache secret feature but i don't know which
attribute it matches under tomcat ajp connector conf ?
Any idea ?

Regards



Jean-Louis Matéo
Bull, Architect of an Open World TM
Bull SA - 53 r de l'Etang BP39 - 69578 LIMONEST
tél - 08 20 08 20 00
fax - 04 72 52 51 24
__
BULL TELESERVICE : Support et conseil logiciels  progiciels multi-éditeurs
GCOS - AIX - Open Source - Microsoft
__



  
  Ben Stringer  
  
  [EMAIL PROTECTED] Pour :   Tomcat Users List 
users@tomcat.apache.org   
  cc : 
  
   Objet :  RE: Filtering the 
apache clients  
  19/01/2008 08:31  
  
  Veuillez  
  
  répondre à
  
  Tomcat Users 
  
  List 
  

  

  



On Fri, 2008-01-18 at 10:53 -0600, Caldarale, Charles R wrote:
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
  Subject: Filtering the apache clients
 
  Is there any way of configuring the Tomcat Connector to
  only accept AJP connections from a specific apache server?

 1) Comment out the other Connector elements.

 2) Configure the RemoteAddrValve for the desired IP address:
 http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote%20Addre
 ss%20Filter

  - Chuck

In addition to Chuck's suggestions, you may also be interested in the
secret setting that can be set in workers.properties on Apache HTTPD
and in the tomcat connector conf. This allows you to specify a shared
secret between Apache HTTPD and Tomcat, so connections will only be
accepted if the secret is provided in the connection attempt.

Search for secret in this page:

http://tomcat.apache.org/connectors-doc/reference/workers.html

Cheers, Ben



 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received this in error, please contact the sender and delete the e-mail
 and its attachments from all computers.

 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Réf. : Re: Réf. : RE: Filtering the apache clients

2008-01-21 Thread jean-louis . mateo 

Yes, it works.

Here is an excerpt of my workers.properties:
...
worker.list=web1,jkstatus

worker.web1.host=127.0.0.1
worker.web1.port=8009
worker.web1.type=ajp13
worker.web1.lbfactor=1
worker.web1.secret=password
...

and this one, my server.xml:

Connector
port=8009
redirectPort=8443
protocol=AJP/1.3
request.useSecret=True
request.secret=password
   

Note that within workers.properties, password have not to be between quotes


Thank you very much

Best Regards



Jean-Louis Matéo
Bull, Architect of an Open World TM
Bull SA - 53 r de l'Etang BP39 - 69578 LIMONEST
tél - 08 20 08 20 00
fax - 04 72 52 51 24
__
BULL TELESERVICE : Support et conseil logiciels  progiciels multi-éditeurs
GCOS - AIX - Open Source - Microsoft
__



  
  Rainer Jung   
  
  [EMAIL PROTECTED] Pour :   Tomcat Users List 
users@tomcat.apache.org   
  pdata.decc : 
  
   Objet :  Re: Réf. : RE: 
Filtering the apache clients   
  21/01/2008 11:54  
  
  Veuillez  
  
  répondre à
  
  Tomcat Users 
  
  List 
  

  

  



[EMAIL PROTECTED] wrote:
 Hello,

 thank you Chuck, Ben and all at this list for your responses

 I think I'll try the apache secret feature but i don't know which
 attribute it matches under tomcat ajp connector conf ?
 Any idea ?

At least

http://tomcat.apache.org/connectors-doc/reference/workers.html

tells us:

Use request.useSecret=true and request.secret=secret key word in
your Tomcat AJP Connector configuration.

Unfortunately the information doesn't seem to be included in the Tomcat
docs. Let us know, if it works.

Regards,

Rainer





   Ben Stringer

   [EMAIL PROTECTED] Pour :   Tomcat Users List
users@tomcat.apache.org
   cc :

Objet :  RE: Filtering the
apache clients
   19/01/2008 08:31

   Veuillez

   répondre à

   Tomcat Users

   List








 On Fri, 2008-01-18 at 10:53 -0600, Caldarale, Charles R wrote:
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Subject: Filtering the apache clients

 Is there any way of configuring the Tomcat Connector to
 only accept AJP connections from a specific apache server?
 1) Comment out the other Connector elements.

 2) Configure the RemoteAddrValve for the desired IP address:
 http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote%20Addre
 ss%20Filter

  - Chuck

 In addition to Chuck's suggestions, you may also be interested in the
 secret setting that can be set in workers.properties on Apache HTTPD
 and in the tomcat connector conf. This allows you to specify a shared
 secret between Apache HTTPD and Tomcat, so connections will only be
 accepted if the secret is provided in the connection attempt.

 Search for secret in this page:

 http://tomcat.apache.org/connectors-doc/reference/workers.html

 Cheers, Ben

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]