Hmmm. Well take a look at this entry from the server.xml file:

<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<!-- See proxy documentation for more information about using this. -->
<!--
<Connector port="8082"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" acceptCount="100" connectionTimeout="20000"
           proxyPort="80" disableUploadTimeout="true" />
-->

I did not add this and from what I can tell this comes with the default config. Any info?

Roberto

David Smith <[EMAIL PROTECTED]>
08/12/2005 11:40 AM
Please respond to
"Tomcat Users List" <tomcat-user@jakarta.apache.org>

To
Tomcat Users List <tomcat-user@jakarta.apache.org>
cc

Subject
Re: Security Questions Regarding Tomcat

This sounds really fishy. Tomcat does not by default have any connectors configured for port 80. There must be another service or you've modified your server.xml somehow.

--David

Robert V. Coward/CTR/OSAGWI wrote:

>Having a similar issue to this with Tomcat 5.
>Apparently T5 comes with a port 80 proxy server, a special servlet
>container or something. Basically I have ipfilter running and only allow
>access to port 8080, but if you send a request to 80 Tomcat picks up and
>does some sort of internal redirect to port 8080. According to a netstat
>-a only port 808 is listening, but when I run nmap against it it shows 80
>and 8080. I'd like to have ipfilter block all connections and
>redirect packets bound for port 80 to 8080. In other words I want to do
>what the T5 server seems to be doing already. Anyone have any ideas? My
>network admin is giving me much grief about allowing port 8080 access to
>the web.
>
>Thanks
>
>Paul Singleton <[EMAIL PROTECTED]>
>08/12/2005 10:08 AM
>Please respond to
>"Tomcat Users List" <tomcat-user@jakarta.apache.org>
>
>To
>Tomcat Users List <tomcat-user@jakarta.apache.org>
>cc
>Alon Belman <[EMAIL PROTECTED]>
>Subject
>Re: Security Questions Regarding Tomcat
>
>Harrell, Ralph wrote:
>
>>I would like to be able to start TOMCAT as a non-root
>>user but am unable to as we are running SSL and use
>>port 443 and non-root users do not have the permission
>>to use ports under 1000.
>
>...not in Linux and some (all?) Unix variants, anyway.
>
>(FWIW I think this root-only-below-1000 rule is an
>ill considered security kludge which has probably
>caused more trouble than it has circumvented)
>
>You could redirect port 443 to 8443 (and 80 to 8080)
>either in an external firewall/router or in iptables
>within your server, then start Tomcat as e.g. tomcat
>on its usual ports.
>
>Paul Singleton
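
An added example, not part of the thread: a Python check that lists the Connector elements Tomcat actually loads from a server.xml, so a commented-out entry like the one quoted above is excluded. proxyPort is reported separately because it only sets the port the connector tells web applications it is reached on and does not open a listening socket; the sample file and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed server.xml with one active Connector on 8080
# and the commented-out proxied Connector quoted in the message.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxThreads="150" redirectPort="8443" />
    <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
    <!--
    <Connector port="8082" maxThreads="150" enableLookups="false"
               connectionTimeout="20000" proxyPort="80" />
    -->
  </Service>
</Server>"""

PRIVILEGED_BELOW = 1024  # binding below this normally requires root on Linux/Unix


def active_connectors(server_xml):
    """Return one dict per <Connector> that is not commented out.

    ElementTree's default parser discards XML comments, so a Connector inside
    <!-- ... --> never appears in the result.
    """
    root = ET.fromstring(server_xml)
    found = []
    for conn in root.iter("Connector"):
        port_attr = conn.get("port", "")
        if not port_attr.isdigit():
            continue  # no usable port attribute; nothing to report
        port = int(port_attr)
        found.append({
            "port": port,                         # socket the connector binds
            "proxyPort": conn.get("proxyPort"),   # reported to webapps, not bound
            "redirectPort": conn.get("redirectPort"),
            "needs_root": port < PRIVILEGED_BELOW,
        })
    return found


def listening_ports(server_xml):
    """Connector ports to compare against netstat or nmap output."""
    return sorted(c["port"] for c in active_connectors(server_xml))


if __name__ == "__main__":
    for connector in active_connectors(SAMPLE_SERVER_XML):
        print(connector)
```

A port that answers in a scan but is absent from this list is being served or redirected by something other than a Tomcat connector, such as a firewall rule or another service.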