As I understand it, the RemoteAddrValve works on the address of the client (browser) not of the webserver.
I'm not using mod_jk. Back in the old days of mod_jserv there was a property ApJServSecretKey to protect a jserv instance from unauthorized access. I'm not shure if this feature survived in one way or another. One solution would be to limit the access to the tomcat port by a software firewall. BTW (On which os are you working ?) > -----Original Message----- > From: Krause Karin [mailto:[EMAIL PROTECTED] > Sent: Friday, May 14, 2004 2:36 PM > To: '[EMAIL PROTECTED]' > Subject: RemoteAddrValve and mod_jk > > > Apache Web Server on a separate host, Tomcat 4.1.27 on another host. > I use mod_jk 1.2.5 to connect from Apache to Tomcat. > I wish to make sure that only requests from a specific Apache > Server can connect to Tomcat. > I thought that the RemoteAddrValve can be used to check, from > which machine the request > comes to Tomcat. It works fine if I use http (without > Apache/mod_jk). If I use it together with Apache/mod_jk, > the remoteAddr received by the RemoteAddrValve is always "localhost". > So my question is, how can I assure that the mod_jk request > comes from my specific Apache host and not from > another Apache. Is there another way to do it (eventually in > the configuration of the CoyoteConnector) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
