On 4/17/2014 9:01 AM, Mark Murphy wrote:
Here is the configuration; as you can see, the default host is set and the
IP is not aliased.

in server.xml
...
     <Connector port="80" protocol="HTTP/1.1"
                connectionTimeout="20000"
                redirectPort="443" />
...
     <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
                port="443"
                scheme="https" secure="true" SSLEnabled="true"
                keystoreFile="xxxxxxx.keystore"
                keystorePass="xxxxxxx" keyAlias="xxxxxxx"
                clientAuth="false" sslProtocol="TLS" />
...
     <Engine name="Catalina" defaultHost="www.torquewrenchrecalibration.com">
...
       <Host name="www.torquewrenchrecalibration.com"  appBase="webapps"
             unpackWARs="true" autoDeploy="false"
             xmlValidation="false" xmlNamespaceAware="false">
         <Alias>www.torque-wrench-recalibration.com</Alias>
         <Alias>www.myerstorquetracker.com</Alias>
       </Host>
...

in web.xml
...
     <security-constraint>
       <web-resource-collection>
         <web-resource-name>Entire App</web-resource-name>
         <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
     </security-constraint>
...



On Thu, Apr 17, 2014 at 9:42 AM, Jeffrey Janner <jeffrey.jan...@polydyne.com>
wrote:
-----Original Message-----
From: Mark Murphy [mailto:jmarkmur...@gmail.com]
Sent: Wednesday, April 16, 2014 12:42 PM
To: Tomcat Users List
Subject: Configuration question

How do I prevent Tomcat 6 from responding to a request to an IP
address, that is I only want my Tomcat server to respond to requests to
www.mydomain.com vs. 10.1.1.1.

Is this possible?

To address the question asked:
The easiest way may be to create a dummy <Host> entry with an <Alias>
entry for the IP Address. Do not allocate any contexts to the host, or
perhaps one that points to an empty directory.  Haven't tested it, just a
thought.
However, read the rest of the answer.

The problem is that our web security scanner is reporting "Web Server
Uses Basic Authentication Without HTTPS", and the infrastructure guys
think it is because Tomcat allows connection to the IP address.

Does this make sense?
No, this does not make sense.  If the IP isn't returning HTTPS, then your
DNS name probably isn't either. Tomcat doesn't care about the supplied
name, except to match it to the <Host> entry in server.xml.  You didn't
post your config, but I'm assuming that the default host is set to
www.mydomain.com, and the IP address isn't aliased. If it is not that
way, you should either correctly set your default host, or add an <Alias>
entry for the IP address to your <Host> config.

You'd definitely get this response if your default host was still set at
the default of "localhost", instead of your <Host> entry's name value,
there was no <Alias> entry for the IP, and the security tester was testing
against IP as well as name (though one would expect the report to indicate
this).


Is the manager app deployed?

-Terence Bandoian
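
Added example, not from the thread or from the Tomcat project: a simplified Python model of the host selection Jeffrey describes (exact match on a <Host> name or <Alias>, otherwise the defaultHost), run over a constructed fragment of the posted server.xml. The "ip-catchall" host, its "empty-apps" appBase and the 10.1.1.1 alias are assumptions standing in for the suggested dummy host.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment modelled on the thread's configuration.
# The "ip-catchall" host, its appBase and the 10.1.1.1 alias are assumptions.
SERVER_XML = """
<Engine name="Catalina" defaultHost="www.torquewrenchrecalibration.com">
  <Host name="www.torquewrenchrecalibration.com" appBase="webapps">
    <Alias>www.torque-wrench-recalibration.com</Alias>
    <Alias>www.myerstorquetracker.com</Alias>
  </Host>
  <Host name="ip-catchall" appBase="empty-apps">
    <Alias>10.1.1.1</Alias>
  </Host>
</Engine>
"""

def load_engine(xml_text, skip_hosts=()):
    """Return (defaultHost, {lowercased name or alias: Host name})."""
    engine = ET.fromstring(xml_text)
    table = {}
    for host in engine.findall("Host"):
        name = host.get("name")
        if name in skip_hosts:
            continue
        table[name.lower()] = name
        for alias in host.findall("Alias"):
            table[alias.text.strip().lower()] = name
    return engine.get("defaultHost"), table

def resolve_host(host_header, default_host, table):
    """Simplified model of name-based virtual host selection: exact,
    case-insensitive match on name or alias, otherwise the default host."""
    name = host_header.strip().lower()
    if name.startswith("["):                 # bracketed IPv6 literal
        name = name[: name.find("]") + 1]
    else:
        name = name.split(":", 1)[0]         # drop an optional :port
    return table.get(name, default_host)

def report(xml_text, headers, skip_hosts=()):
    """Map each probed Host header to the <Host> that would serve it."""
    default_host, table = load_engine(xml_text, skip_hosts)
    return {h: resolve_host(h, default_host, table) for h in headers}

if __name__ == "__main__":
    probes = ["www.myerstorquetracker.com", "10.1.1.1", "10.1.1.1:443"]
    print("as posted :", report(SERVER_XML, probes, skip_hosts=("ip-catchall",)))
    print("with dummy:", report(SERVER_XML, probes))
```

With the configuration as posted, a request addressed to the IP lands on the default host and so reaches the same webapps, and the same web.xml constraint, as a request by name.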

