James,
On 2/2/23 12:38, James H. H. Lampert wrote:
That I was "shot down in flames" when I tried to get in from my
Chromebook, through the hotspot on my cell phone, makes it unlikely that
Tomcat is seeing a proxy IP, especially given that (as I understand it)
I would have had to authorize the proxy IP to get in from my office IP,
and I have no idea what their proxy IP even is.
What really puzzles me about the whole thing is that the pen-tester
claimed to have gotten a sign-on pane. As I said, this was my first
test-case of setting up a working remote address valve, and while I just
found and removed two unaccounted-for (probably obsolete) authorized
addresses, the odds against the pen-tester trying to get in from one of
those addresses were about two billion to one.
Screenshot with current time or it didn't happen.
You could also look at your access logs on both the reverse proxy and
the Tomcat node.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org