For the first question:
- Which tomcat do you use ?
- Do you run it stand alone or with apache or iis
- Which connector do you use
For the second question:
I would't do that. It introduces more problems than
it helps.
Blocking an IP is a dangerous thing. There can be
serveral thausend people that have the same IP.
They would all be blocked. If you implement somthing
like this it's very easy to disable your site for a wide
range of users. (If some hackers find out that 'feature'
they will play around with that. It's possible to send
out packets with faked IP adresses. So if a hacker
wants to attack your site, he can issue requests
with IP's from proxies with a high user number)
Blocking an IP is not very effective, as any hacker
who has a provider with dynamic IP's can change his IP
with every try. (If you block that IP, the next user
that gets this IP will be blocked).
The only scenario where this would make sense is an
extranet where you know that the each user will have
a unique IP. (But in this case I would rather restrict
the IP's for the incoming requests)
> -----Urspr�ngliche Nachricht-----
> Von: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> Gesendet: Freitag, 31. Mai 2002 00:24
> An: [EMAIL PROTECTED]
> Betreff: Need Help plz
>
>
>
> Hi ,
>
> i need help please in two subjects .. My problems are what
> configuration I should have to do in the server to prevent:
>
> 1) Prohibit downloading the *.jsp files from any client on the
> internet... [ I noticed that if I wrote the URL of my site
> ending with
> myFile.JSP [ JSP in Capital letters] the page not opened ! , but the
> server offered me to download the file it self ! ..Which I
> don’t want
> any user knows this property to download my own source-code jsp files!
>
> 2) My application is depend on a password
> authentication , which
> I don’t want any cracker to keep trying
> usernames/passwords for
> many tries .. How should I tell the server to block an ip
> after 3 times
> tries [for example] and for how long this ip will be blocked!
>
> are thses problems related with the Apache server or Tomcat
> serve or both
> of them !!.. does anyone face like these problems ?!
>
>
> Java_lover : Walid
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
