Hi,
You have several choices, although the default behavior isn't that bad.
Your choices include:

- Tomcat's RemoteAddr and RemoteHost valves
(http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/valve.html)

- A custom Servlet Filter you write to deny specific requests like
root.exe/cmd.exe/default.ida.

- Others but I have to run to a meeting ;)


Yoav Shapira
Millennium Research Informatics


>-----Original Message-----
>From: lrnobs [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, March 31, 2004 2:57 PM
>To: Tomcat Users List
>Subject: How to filter out HTTP requests, or limit requests
>
>I have a new web server running Tomcat and serving jsp pages on a RedHat9
>box.
>
>I am new to web technologies and have been reviewing the access logs daily.
>I find several attempts in the logs to run root.exe, cmd.exe, and various
>scripts.  What I have seen so far appear to be attempts against IIS which I
>am not running.  But with each request the server has to respond with 404
>and 500 codes and reply traffic of various sizes.  I saw one posting on
>Google where repeated requests for "default.ida" shut down the site because
>of the reply traffic.
>
>I could find on Google that for Apache a file called htaccess could have
>commands to trap requests but elsewhere it said that Tomcat doesn't use
>htaccess, but I can't find what it does instead.
>
>So I am hoping Tomcat has a method to let me trap strings like "default.ida"
>or "root.exe" and just drop them to a black hole before the server is
>requested to service the request.
>
>I was also wondering if in the same method or another I could specifically
>list html, jsp, and graphics that I will service and drop all others.
>
>Thanks,
>
>Larry Nobs
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]




This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.
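
An added example of the custom Servlet Filter option mentioned in the reply, combined with the allowlist idea from the original question; it is not code from either poster or from Tomcat. The class name, the extension list and the choice of an empty 404 are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: the name and both lists are assumptions, not from the thread.
// Map it to /* with <filter> and <filter-mapping> in WEB-INF/web.xml.
public class RequestScreenFilter implements Filter {
    // File names from the thread that are probed for but never served here.
    private static final Set<String> BLOCKED = new HashSet<String>(
            Arrays.asList("root.exe", "cmd.exe", "default.ida"));
    // Assumed allowlist: html, jsp and common graphics types.
    private static final Set<String> ALLOWED_EXT = new HashSet<String>(
            Arrays.asList("html", "jsp", "gif", "jpg", "png"));

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // getRequestURI() excludes the query string and is not URL-decoded.
        String path = request.getRequestURI().toLowerCase(Locale.ENGLISH);
        int semi = path.indexOf(';');
        if (semi >= 0) path = path.substring(0, semi); // strip ;jsessionid=...
        String name = path.substring(path.lastIndexOf('/') + 1);
        int dot = name.lastIndexOf('.');
        String ext = dot >= 0 ? name.substring(dot + 1) : "";
        boolean directory = name.length() == 0; // "/" or "/app/": welcome files
        if (BLOCKED.contains(name) || !(directory || ALLOWED_EXT.contains(ext))) {
            // Status only, no error-page body, to keep the reply small.
            ((HttpServletResponse) res).setStatus(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res); // allowed request: continue to the JSP or file
    }
}
```

A filter still answers each request rather than dropping the connection, and it only sees requests routed to the web application it is mapped in.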

