Depending on how good you wan't to disable access from the outside and what the outside is (other departments, internet) there are at least the following options:
- Use org.apache.catalina.valves.RemoteHostValve or org.apache.catalina.valves.RemoteAddrValve To allow/block certain Hosts/IP's. Have a look at http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/engine.html http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/valve.html#Remote %20Address%20Filter - Build you own protection. E.G. create a filter that checks if the sever port is 8080 and blocks every request where the client doesn't belong to list of IP's. - Use authentication If you don't want to enter username and password each time you login to the application you can use client certificates - Use a firewall To restrict the access inside an intranet it's possibe to use a (software) firewall on the server that disables the port for all IP outside of the department. > -----Urspr�ngliche Nachricht----- > Von: "B�hrle, Martin, FCI1" [mailto:[EMAIL PROTECTED]] > Gesendet: Donnerstag, 6. Juni 2002 18:01 > An: '[EMAIL PROTECTED]' > Betreff: Access-Control for Tomcat-Webserver (Version 4.0.1) > > The only problem we have, is that you can still reach the > content of the CMS-servlet under port 8080 from outside our > business unit, because this port is the standard-tomcat > HTTP-Server and the apache-access-control doesnt > work in this case. > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
