"Caldarale, Charles R" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Subject: Filtering the apache clients
>>
>> Is there any way of configuring the Tomcat <Connector> to
>> only accept AJP connections from a specific apache server?
>
>1) Comment out the other <Connector> elements.
>
>2) Configure the RemoteAddrValve for the desired IP address:
>http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote%20Address%20Filter
>

This won't work, since under AJP/1.3 the "Remote Address" is the address of 
the client that connects to Apache, not the address of the Apache machine. 
From a quick code check, it looks like the "secure" option isn't supported 
any longer in mod_jk (it was never that secure to begin with).  You can 
duplicate it by setting:
  JkEnvVar MyAuthCode password
in trusted Apaches, and write a filter that rejects requests that don't 
have a Request attribute of MyAuthCode with value "password".  Of course, it 
is only as secure as your way to secure the name and value.

If you want to restrict access to only the copy of Apache running on the 
same machine as Tomcat, then you can do:
  <Connector protocol="AJP/1.3" address="localhost" ...... />
For any other configuration, you should really have a firewall between the 
internet and Tomcat.




>- Chuck






---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
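
The filter suggested in the reply above could look like the following. This is an added example, not code from the original post or from the Tomcat project; the class name AjpAuthCodeFilter and the init-param name authCode are hypothetical, and it assumes the servlet API (javax.servlet) is on the classpath and that mod_jk forwards the JkEnvVar value as a request attribute named MyAuthCode.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Rejects any request that does not carry the attribute set by JkEnvVar. */
public class AjpAuthCodeFilter implements Filter {
    // Attribute name from the post: "JkEnvVar MyAuthCode password"
    private static final String ATTRIBUTE = "MyAuthCode";
    private byte[] expected;

    @Override
    public void init(FilterConfig config) throws ServletException {
        // Hypothetical init-param; keeps the shared value out of the source code.
        String value = config.getInitParameter("authCode");
        if (value == null || value.isEmpty()) {
            // Fail closed: refuse to start without a configured value.
            throw new ServletException("authCode init-param is required");
        }
        expected = value.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Object attr = req.getAttribute(ATTRIBUTE);
        // Constant-time comparison so response timing does not leak the value.
        boolean trusted = attr instanceof String
                && MessageDigest.isEqual(expected,
                        ((String) attr).getBytes(StandardCharsets.UTF_8));
        if (!trusted) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

Map the filter to /* in each web application's web.xml so that no path bypasses the check, and keep the web.xml holding the authCode value readable only by the Tomcat user.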
