But it's also commented out and not active.  It's there as an example of
a proxied port if you happen to be using Apache and mod_rewrite as a
front end to Tomcat.

--David

Robert V. Coward/CTR/OSAGWI wrote:

>Hmmm. Well take a look at this entry from the server.xml file:
>
>    <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
>    <!-- See proxy documentation for more information about using this. -->
>    <!--
>    <Connector port="8082"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" acceptCount="100" connectionTimeout="20000"
>               proxyPort="80" disableUploadTimeout="true" />
>    -->
>
>I did not add this and from what I can tell this comes with the default 
>config. Any info?
>
>Roberto
>
>
>
>
>David Smith <[EMAIL PROTECTED]> 
>08/12/2005 11:40 AM
>Please respond to
>"Tomcat Users List" <tomcat-user@jakarta.apache.org>
>
>
>To
>Tomcat Users List <tomcat-user@jakarta.apache.org>
>cc
>
>Subject
>Re: Security Questions Regarding Tomcat
>
>
>
>
>
>
>This sounds really fishy.  Tomcat does not by default have any
>connectors configured for port 80.  There must be another service or
>you've modified your server.xml somehow.
>
>--David
>
>Robert V. Coward/CTR/OSAGWI wrote:
>
>  
>
>>Having a similar issue to this with Tomcat 5.
>>Apparently T5 comes with a port 80 proxy server, a special servlet
>>container or something. Basically I have ipfilter running and only allow
>>access to port 8080, but if you send a request to 80 Tomcat picks up and
>>does some sort of internal redirect to port 8080. According to a netstat
>>-a only port 808 is listening, but when I run nmap against it it shows 80
>>and 8080. I'd like to have ipfilter block all connections and
>>redirect packets bound for port 80 to 8080. In other words I want to do
>>what the T5 server seems to be doing already. Anyone have any ideas? My
>>network admin is giving me much grief about allowing port 8080 access to
>>the web.
>>
>>Thanks
>>
>>
>>
>>
>>
>>Paul Singleton <[EMAIL PROTECTED]> 
>>08/12/2005 10:08 AM
>>Please respond to
>>"Tomcat Users List" <tomcat-user@jakarta.apache.org>
>>
>>
>>To
>>Tomcat Users List <tomcat-user@jakarta.apache.org>
>>cc
>>Alon Belman <[EMAIL PROTECTED]>
>>Subject
>>Re: Security Questions Regarding Tomcat
>>
>>
>>
>>
>>
>>
>>Harrell, Ralph wrote:
>>
>>
>>
>>    
>>
>>>I would like to be able to start TOMCAT as a non-root
>>>user but am unable to as we are running SSL and use
>>>port 443 and non-root users do not have the permission
>>>to use ports under 1000.
>>>
>>>
>>>      
>>>
>>...not in Linux and some (all?) Unix variants, anyway.
>>
>>(FWIW I think this root-only-below-1000 rule is an
>>ill considered security kludge which has probably
>>caused more trouble than it has circumvented)
>>
>>You could redirect port 443 to 8443 (and 80 to 8080)
>>either in an external firewall/router or in iptables
>>within your server, then start Tomcat as e.g. tomcat
>>on its usual ports.
>>
>>Paul Singleton
>>
>>
>>
>>
>>    
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>  
>


-- 
=======================================
David Smith
Network Operations Supervisor
Department of Entomology
College of Agriculture & Life Sciences
Cornell University
2132 Comstock Hall
Ithaca, NY  14853
Phone: 607.255.9571
Fax: 607.255.0939
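
Added example (not part of the original thread and not Tomcat's own code): a Python check that lists which `<Connector>` entries in a server.xml are live and which sit inside XML comments, as with the port 8082 entry quoted above. The sample file is constructed, and `audit_connectors` and `listening_ports` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the server.xml excerpt quoted in the thread.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxThreads="150" redirectPort="8443" />
    <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
    <!--
    <Connector port="8082"
               maxThreads="150" enableLookups="false"
               proxyPort="80" disableUploadTimeout="true" />
    -->
  </Service>
</Server>"""


def audit_connectors(xml_text):
    """Return (port, proxyPort, active) for every Connector, live or commented out."""
    # insert_comments=True keeps <!-- ... --> nodes in the tree (Python 3.8+).
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    found = []
    for node in root.iter():
        if node.tag is ET.Comment:
            # A comment may hold disabled XML; wrap it so a fragment parses.
            try:
                inner = ET.fromstring("<c>%s</c>" % (node.text or ""))
            except ET.ParseError:
                continue  # plain-text comment, not disabled configuration
            for conn in inner.iter("Connector"):
                found.append((conn.get("port"), conn.get("proxyPort"), False))
        elif node.tag == "Connector":
            found.append((node.get("port"), node.get("proxyPort"), True))
    return found


def listening_ports(xml_text):
    """Ports Tomcat will bind according to the file: active Connectors only.

    proxyPort is the port reported to web applications behind a front-end
    proxy (request.getServerPort()); it is never a listening port.
    """
    return sorted(int(port) for port, _, active in audit_connectors(xml_text) if active)


if __name__ == "__main__":
    for port, proxy_port, active in audit_connectors(SAMPLE_SERVER_XML):
        state = "active" if active else "commented out"
        print("Connector port=%s proxyPort=%s (%s)" % (port, proxy_port, state))
```

Comparing `listening_ports` against `netstat` output on the host shows whether a port answering from outside is really bound by Tomcat or by some other service or device in the path.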

