Re: several virtual hosts -- single application
Thanks a lot for your help Adrian.

Unfortunately that hasn't helped, as CFMX doesn't parse the cfm pages, yet it works perfectly when I try http://localhost:8080/domain1 yet http://domain1:8080 which points to the same folder (i.e. myapps/domain1) just displays the cfmx code - the correct file is found but the application does not know that it should be parsing it.

It must be the way in which virtual hosts are 'ignored' by the application to which they are pointed, if the target folder is not the app folder i.e. a sub-folder like 'domain1' or 'domain2' - I'm sure I just need to give Tomcat a hint that it should use CFMX when it encounters '.cfm' files but I can't seem to crack it...

Anyone with any idea would be very welcome as this has been bugging me for nearly a week and I'm trying to avoid having to use Apache (which would solve the specific problem immediately, but would add another server and increase complexity)

Thanks,
James

----- Original Message -----
From: Adrian Lanning [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Monday, March 15, 2004 8:42 PM
Subject: Re: several virtual hosts -- single application

Hi James,

On Linux, I've accomplished this using the following configuration:

+ snip from server.xml on linux +
    <Host name="domain1" debug="0" appBase="webapps/app1"
          unpackWARs="true" autoDeploy="true">
    </Host>
    <Host name="domain2" debug="0" appBase="webapps/app2"
          unpackWARs="true" autoDeploy="true">
    </Host>
+ snip from server.xml on linux +

On Windows, try this:

+ snip from server.xml on windows +
    <Host name="domain1" debug="0" appBase="webapps"
          unpackWARs="true" autoDeploy="true">
      <Context path="" docBase="/app1" debug="1"/>
    </Host>
    <Host name="domain2" debug="0" appBase="webapps"
          unpackWARs="true" autoDeploy="true">
      <Context path="" docBase="/app2" debug="1"/>
    </Host>
+ snip from server.xml on windows +

I don't know why it acts differently on windows and linux... Also, I've noticed that the windows setup seems to create two instances of each app when viewed in the manager. One as / and one as app1 or app2 (depending on which domain you log into). So this should get you started but I wouldn't use the windows setup for production. Linux you should be good to go.

HTH,
Adrian Lanning

----- Original Message -----
From: James Agnew [EMAIL PROTECTED]
To: tomcat list [EMAIL PROTECTED]
Sent: Monday, March 15, 2004 5:24 AM
Subject: several virtual hosts -- single application

Hello

Is it possible to have several virtual hosts point to different folders within the same context under tomcat 5 standalone webserver?

    <Host name="domain1.com" debug="0" appBase="webapps">
      <Context path="" docBase="domain1" debug="0" reloadable="true"/>
    </Host>
    <Host name="domain2.com" debug="0" appBase="webapps">
      <Context path="" docBase="domain2" debug="0" reloadable="true"/>
    </Host>

    http://domain1.com -- myapps/domain1
    http://domain2.com -- myapps/domain2

so that one application handles all the requests? I'm running Cold Fusion as the application and I need it to handle requests for virtual hosts within its own context i.e. domain1 and domain2.

I can achieve this easily with VirtualHost directive in Apache, but can't get it to work under Tomcat standalone. Is it possible?

Any help much appreciated.

James

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
several virtual hosts -- single application
Hello

Is it possible to have several virtual hosts point to different folders within the same context under tomcat 5 standalone webserver?

    <Host name="domain1.com" debug="0" appBase="webapps">
      <Context path="" docBase="domain1" debug="0" reloadable="true"/>
    </Host>
    <Host name="domain2.com" debug="0" appBase="webapps">
      <Context path="" docBase="domain2" debug="0" reloadable="true"/>
    </Host>

    http://domain1.com -- myapps/domain1
    http://domain2.com -- myapps/domain2

so that one application handles all the requests? I'm running Cold Fusion as the application and I need it to handle requests for virtual hosts within its own context i.e. domain1 and domain2.

I can achieve this easily with VirtualHost directive in Apache, but can't get it to work under Tomcat standalone. Is it possible?

Any help much appreciated.

James
Re: Multiple Host (no apache or iis)
Hi

Could you try it again, but remove the : after 'webapps' for test1

...assuming that was just a typo and that it still doesn't work, what context is your app in? If it's / then does http://localhost:8080 work ok?

Place 2 folders in this directory so you have -

    http://localhost:8080/test1
    http://localhost:8080/test2

If all that still works, then clear your host info, add the following (simplified) in your server.xml

    <Host name="test1.mydomain.com" debug="0" appBase="webapps">
      <Context path="" docBase="test1"/>
    </Host>
    <Host name="test2.mydomain.com" debug="0" appBase="webapps">
      <Context path="" docBase="test2"/>
    </Host>

See if that works, if not get back to us :)

James

----- Original Message -----
From: Roland Carlsson [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Friday, March 12, 2004 8:24 PM
Subject: Multiple Host (no apache or iis)

Hi!

I have tried to search for this but all hits seem to be about getting tomcat to work together with apache or iis. I can't figure out why my test1-domain doesn't answer at all. All I get is a 400-error. What bothers me the most is that there is nothing in the catalina.out log that indicates that there is something wrong so I don't even know where to start looking. I post the Host-part of my server.xml below.

Thanks in advance
Roland Carlsson

    <Host name="test1.mydomain.com" debug="0" appBase="webapps:"
          unpackWARs="true" autoDeploy="true"
          xmlValidation="false" xmlNamespaceAware="false">
      <Valve className="org.apache.catalina.valves.AccessLogValve"
             directory="logs" prefix="test1_access_log." suffix=".txt"
             pattern="combined" resolveHosts="false"/>
      <Logger className="org.apache.catalina.logger.FileLogger"
              directory="logs" prefix="test1.log." suffix=".txt"
              timestamp="true"/>
    </Host>
    <Host name="localhost" debug="0" appBase="webapps"
          unpackWARs="true" autoDeploy="true"
          xmlValidation="false" xmlNamespaceAware="false">
      <Valve className="org.apache.catalina.valves.AccessLogValve"
             directory="logs" prefix="localhost_access_log." suffix=".txt"
             pattern="combined" resolveHosts="false"/>
      <Logger className="org.apache.catalina.logger.FileLogger"
              directory="logs" prefix="localhost_log." suffix=".txt"
              timestamp="true"/>
    </Host>
Virtual hosts for single application context
Any ideas guys/gals?

I have an application (CFMX) running under Tomcat 5.0.18 as a deployed war file within the ROOT folder i.e. $CATALINA_HOME/webapps/ROOT/

this all works perfectly and correctly parses all .cfm files.

Now, I've created virtual hosts by adding the following in server.xml:

    <Host name="website1.com" debug="0" appBase="webapps">
      <Context path="" docBase="website1" debug="0" reloadable="true"/>
    </Host>
    <Host name="website2.com" debug="0" appBase="webapps">
      <Context path="" docBase="website2" debug="0" reloadable="true"/>
    </Host>

This works, but the application (i.e. CFMX) doesn't parse the .cfm pages within the website1 and website2 folders.

Is it possible to map multiple virtual hosts to a single application context so that the application handles the page requests?

Thanks,
James
virtual hosts for single application context
Hello all,

I have an application (CFMX) running under Tomcat 5.0.18 as a deployed war file within the ROOT folder i.e. $CATALINA_HOME/webapps/ROOT/

this all works perfectly and correctly parses all .cfm files.

Now, I've created virtual hosts by adding the following in server.xml:

    <Host name="website1.com" debug="0" appBase="webapps">
      <Context path="" docBase="website1" debug="0" reloadable="true"/>
    </Host>
    <Host name="website1.com" debug="0" appBase="webapps">
      <Context path="" docBase="website2" debug="0" reloadable="true"/>
    </Host>

This works, but the application (i.e. CFMX) doesn't parse the .cfm pages within the website1 and website2 folders.

Is it possible to map multiple virtual hosts to a single application context?

Thanks,
James
Re: https without specifying the port in address bar
If the *only* port that your company's firewall is listening on is 8443, then there's nothing you can do, as all traffic to other ports (e.g. 443 for SSL) will be dropped.

If there's some kind of proxy in between, then you could use port forwarding, where the client request for port 443 is translated to 8443.

The only other solution is to open up port 443 on the firewall and, if you can only run Tomcat on 8443, then set up a firewall rule to translate 443 to 8443.

----- Original Message -----
From: Forte, Graham [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 7:21 PM
Subject: https without specifying the port in address bar

Hello all,

I am trying to stand up a site and my company has all ports except for 8443 blocked. Thus if someone types in www.mydomain.com they can't get to any of my pages. SSL is a requirement for this site. How can I set this up so that if the user types in https://www.mydomain.com they will see my pages. Right now they have to type in https://www.mydomain.com:8443/logon.jsp

Thanks in advance!
Re: virtual hosts for single application context
..of course, the second host name should read 'website2.com' - apologies for typo.

I've just tried the same approach with the website1 and website2 folders directly below the application context, but it still doesn't want to parse.

Appreciate any input

Thanks,
James

----- Original Message -----
From: James Agnew [EMAIL PROTECTED]
To: tomcat list [EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 7:30 PM
Subject: virtual hosts for single application context

Hello all,

I have an application (CFMX) running under Tomcat 5.0.18 as a deployed war file within the ROOT folder i.e. $CATALINA_HOME/webapps/ROOT/

this all works perfectly and correctly parses all .cfm files.

Now, I've created virtual hosts by adding the following in server.xml:

    <Host name="website1.com" debug="0" appBase="webapps">
      <Context path="" docBase="website1" debug="0" reloadable="true"/>
    </Host>
    <Host name="website1.com" debug="0" appBase="webapps">
      <Context path="" docBase="website2" debug="0" reloadable="true"/>
    </Host>

This works, but the application (i.e. CFMX) doesn't parse the .cfm pages within the website1 and website2 folders.

Is it possible to map multiple virtual hosts to a single application context?

Thanks,
James
Re: Hiding Apache-Coyote/1.1 banner in Tomcat 5
I just like to reduce as much as possible the amount of information that a server gives out. Letting opportunist crackers, who run a 1 minute nessus scan, know the version and type of the webserver, should IMO be avoided if possible. Sure, it won't put-off the determined cracker, but it might force some to move onto easier prey.

Anyway, back to the matter in hand - do you know how one might go about this?

Thanks,
James

On 03/08/2004 02:57 PM James Agnew wrote:

I've been looking for a way to prevent security scanners such as Nessus from being able to easily read Tomcat's standalone webserver details. I'm running Tomcat 5.0.18 standalone and Nessus identifies it as follows:

    Server Version: Apache-Coyote/1.1
    Server Banner: Apache-Coyote/1.1

I can't see anything similar to Apache's 'ServerTokens' directive to disable/suppress the info given out.

Pardon my ignorance, but what is the problem with that?

Adam

--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian
Re: Disabling PUT and DELETE methods in Tomcat 5 standalone
So, how would I go about actually preventing PUT and DELETE for all users, logged in or otherwise? I've been hitting my head against this one for some time, with no luck. The solution needs to allow anonymous users to access the site (i.e. no login) and still prevent PUT and DELETE methods.

Thanks,
James

On 03/08/2004 10:15 AM funkster wrote:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Disable Methods</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name></role-name>
      </auth-constraint>
    </security-constraint>

I was under the impression that by not including a role-name value, then all PUT and DELETE method requests are disabled since the security constraint cannot be linked to a role. However, the fact that it doesn't work yet means I'm doing something wrong somewhere!

Well, you haven't disabled it. You have protected it. As far as I can tell, you would be required to login first, and then you would be denied access. (When tomcat finds out that you are not in no roles?!)

Adam

--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian
Re: Disabling PUT and DELETE methods in Tomcat 5 standalone
There's no implementation of the servlet doPut() and doDelete() methods so nothing can actually be put or deleted, but that's true before even creating the security constraint. Yet, testing for PUT and DELETE methods still shows that they're enabled. Our security scanners still flag these methods as being available, albeit not exploitable.

Is there any way to prevent the server from responding to these methods? I ran the same scan tests on one of our Apache boxes and it came back completely dead on the PUT and DELETE methods i.e. it didn't respond in any way - that's the behaviour we're looking for. Would the same not be possible on Tomcat standalone?

Thanks,
David

----- Original Message -----
From: Adam Hardy [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Monday, March 08, 2004 11:39 PM
Subject: Re: Disabling PUT and DELETE methods in Tomcat 5 standalone

What I was implying is that you have effectively disabled it already this way. Or are you able to do PUTs and DELETEs despite the security constraint? I'd be surprised.

Adam

On 03/08/2004 11:24 PM James Agnew wrote:

So, how would I go about actually preventing PUT and DELETE for all users, logged in or otherwise? I've been hitting my head against this one for some time, with no luck. The solution needs to allow anonymous users to access the site (i.e. no login) and still prevent PUT and DELETE methods.

Thanks,
James

On 03/08/2004 10:15 AM funkster wrote:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Disable Methods</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name></role-name>
      </auth-constraint>
    </security-constraint>

I was under the impression that by not including a role-name value, then all PUT and DELETE method requests are disabled since the security constraint cannot be linked to a role. However, the fact that it doesn't work yet means I'm doing something wrong somewhere!

Well, you haven't disabled it. You have protected it. As far as I can tell, you would be required to login first, and then you would be denied access. (When tomcat finds out that you are not in no roles?!)

Adam

--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian

--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian
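
Added example (not part of any list message, and not Tomcat's own code): a small Python check that reads a web.xml and reports how the Servlet specification's combining rules treat PUT and DELETE, comparing the constraint quoted in the thread above with an auth-constraint that names no roles. The two sample descriptors are constructed, audit() and its verdict strings are hypothetical names, and only constraints declared on the exact pattern /* are considered.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint as quoted in the thread (blank <role-name>).
POSTED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Disable Methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>PUT</http-method><http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name></role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""
# Constructed variant: same collection, auth-constraint that names no roles.
DENY_ALL = POSTED.replace("<role-name></role-name>", "")

def _kids(elem, name):
    # Match on local names so namespaced (schema-based) descriptors also work.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return [(c.text or "").strip() for c in _kids(elem, name)]

def audit(web_xml, methods=("PUT", "DELETE"), pattern="/*"):
    """Verdict per HTTP method from the constraints declared on `pattern`."""
    seen = {m: [] for m in methods}  # one entry per matching constraint
    for sc in _kids(ET.fromstring(web_xml), "security-constraint"):
        auth = _kids(sc, "auth-constraint")
        # None = no auth-constraint at all; [] = auth-constraint naming no roles
        roles = [r for a in auth for r in _texts(a, "role-name")] if auth else None
        for wrc in _kids(sc, "web-resource-collection"):
            if pattern not in _texts(wrc, "url-pattern"):
                continue
            listed = [m.upper() for m in _texts(wrc, "http-method")]
            for m in methods:
                if not listed or m in listed:  # no <http-method> covers all methods
                    seen[m].append(roles)
    out = {}
    for m, found in seen.items():
        if [] in found:
            out[m] = "denied-to-all"   # overrides every other constraint
        elif not found or None in found:
            out[m] = "unconstrained"   # nothing applies, or one constraint opens it
        else:  # union of named roles; the caller must authenticate first
            out[m] = "login-required, roles=%r" % sorted({r for rl in found for r in rl})
    return out

if __name__ == "__main__":
    print(audit(POSTED), audit(DENY_ALL))
```

The posted descriptor is reported as a role constraint with a blank role name, which is the "protected, not disabled" reading given in the thread; the variant is reported as denied to everyone without affecting anonymous access to other methods.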
Re: Steps to follow for SSL
Uma

Check out the section entitled 'Installing a Certificate from a Certificate Authority' here:

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html

You'll need to create a CSR that you send to your Certificate Authority, along with company registration details etc, for the company that has registered the domain name you're securing with a cert. It's important that these details match exactly with the registered owner details for your domain, otherwise there'll be processing delays.

I use Thawte for all my secure certs with Tomcat and I've never had any problems. Here are their instructions for setting up a secure cert under Tomcat:

http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs15596

If you follow their instructions carefully, you should have no problems, just make sure that you use the same password for the keystore *and* the actual certificate key (just accept default prompt). If you use a password different from the default ('changeit') you'll need to add the keystorePass="your new password" attribute to the Connector element.

Same thing applies if you choose a different location for your keystore (the default is the home file of the user under whom Tomcat is running). If you change this, then add the keystoreFile="/path/to/keystore" attribute to the Connector element.

Hope this helps,
James

----- Original Message -----
From: [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, March 09, 2004 3:47 AM
Subject: Steps to follow for SSL

Hi,

Can someone tell me what are the steps that I need to follow for installing SSL on Tomcat 5. I have already worked on creating a self certified certificate and it works good. But when I purchase a certificate what are the steps that I need to do i.e importing the certificate and where to place it so that tomcat can recognize it, etc..

Thank you,
Best Regards,
Uma
Hiding Apache-Coyote/1.1 banner in Tomcat 5
I've been looking for a way to prevent security scanners such as Nessus from being able to easily read Tomcat's standalone webserver details. I'm running Tomcat 5.0.18 standalone and Nessus identifies it as follows:

    Server Version: Apache-Coyote/1.1
    Server Banner: Apache-Coyote/1.1

I can't see anything similar to Apache's 'ServerTokens' directive to disable/suppress the info given out.

Any ideas?

Thanks,
James