2009/11/16 joeweder <joewe...@gmail.com>:
> Question: How can I disable browser access through a specific port but
> continue to allow headless https through?

You *could* write a Filter that sniffed at the User-Agent header in
the https: request, but most browsers have ways of faking that - you
can't rely on *any* data coming in over the https stream to be
original rather than altered or injected by a cracker.  In essence,
there is no secure way of doing what you want.

Security by obscurity is poor security.  Have you thought about
designing the application correctly, so that headless https clients
have to authenticate?

- Peter
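
One way to implement the authentication suggested in the reply, as an added example that is not part of the original message or of Tomcat: a servlet Filter that, on the headless port only, admits a request only when the container has verified a TLS client certificate with an expected subject. The class name and the `headlessPort` and `allowedSubject` init parameters are hypothetical, and the connector on that port is assumed to be configured to request client certificates.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Added example (hypothetical class): gate one connector port on TLS client authentication. */
public class HeadlessPortAuthFilter implements Filter {
    private int headlessPort;      // hypothetical init-param "headlessPort"
    private String allowedSubject; // hypothetical init-param "allowedSubject" (RFC 2253 DN)

    public void init(FilterConfig cfg) throws ServletException {
        String port = cfg.getInitParameter("headlessPort");
        allowedSubject = cfg.getInitParameter("allowedSubject");
        if (port == null || allowedSubject == null) {
            throw new ServletException("headlessPort and allowedSubject are required");
        }
        try {
            headlessPort = Integer.parseInt(port.trim());
        } catch (NumberFormatException e) {
            throw new ServletException("headlessPort must be a number", e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req.getLocalPort() != headlessPort) {
            chain.doFilter(req, res); // other connectors are left alone
            return;
        }
        // The container sets this attribute only after the TLS handshake has
        // validated the client's certificate chain. Unlike User-Agent, the
        // client cannot supply it through request headers.
        X509Certificate[] certs = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");
        if (certs != null && certs.length > 0
                && allowedSubject.equals(certs[0].getSubjectX500Principal().getName())) {
            chain.doFilter(req, res); // authenticated headless client
            return;
        }
        // No verified certificate, or an unexpected subject: refuse.
        ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    public void destroy() { }
}
```

The decision rests on a credential checked during the TLS handshake, so a client cannot pass by rewriting headers, and a browser without the certificate is refused on that port.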
