AW: Access-Control for Tomcat-Webserver (Version 4.0.1)

2002-06-06 Thread "Bührle, Martin, FCI1" 

Hi Mark,

I cannot remove the standalone-service, because I need it for testing. Due
to a bug I am not able to see changes out of my CMS-Servlet via
WARP-Connector and Apache immediately. I just can see it under Port 8080 /
Tomcat-Standalone-Server until I restart Tomcat in the night.

We will work on this bug and in the meantime we need another
access-control-solution.

Thanks for reply.


Gruesse
 Martin Buehrle

_
Martin Buehrle, FCI1
EADS - European Aeronautic Defence and Space Company
Postfach 1661
85705 UNTERSCHLEISSHEIM
Telefax: +49 89 3179-8927
eMail: [EMAIL PROTECTED]
_



> -Ursprüngliche Nachricht-
> Von:  Wagoner, Mark [SMTP:[EMAIL PROTECTED]]
> Gesendet am:  Donnerstag, 6. Juni 2002 18:13
> An:   'Tomcat Users List'
> Betreff:  RE: Access-Control for Tomcat-Webserver (Version 4.0.1)
> 
> Since you are using WARP exclusively, you can remove the
> "Tomcat-Standalone"
> service from your server.xml file.  After you restart Tomcat, it will no
> longer be listening for HTTP requests.
> 
> -Original Message-
> From: "Bührle, Martin, FCI1" [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 06, 2002 12:01 PM
> To: '[EMAIL PROTECTED]'
> Subject: Access-Control for Tomcat-Webserver (Version 4.0.1)
> 
> 
> Hi List,
> 
> 
> we have built up a closed Intranet for our employees with an TOmcat
> (4.0.1),
> Apache and WARP-Connector - Configuration 
> and Apache access-control, using the  - directive from Apache.
> 
> Our Intranet - Content is served by a Tomcat-servlet.
> 
> 
> The only problem we have, is that you can still reach the content of the
> CMS-servlet under port 8080 from outside our business unit, because this
> port is the standard-tomcat HTTP-Server and the apache-access-control
> doesnt
> work in this case.
> 
> Within the closed intranet we need this tomcat-http-server for testing, so
> I
> need an access-control feature like the -directive in apache,
> closing the port 8080 is not a solution so far.
> 
> Does anybody know what to to?
> 
> Thanks for Your help!
> 
> 
> 
> 
> Gruesse
>  Martin Buehrle
> 
> _
> Martin Buehrle, FCI1
> EADS - European Aeronautic Defence and Space Company
> Postfach 1661
> 85705 UNTERSCHLEISSHEIM
> Telefax: +49 89 3179-8927
> eMail: [EMAIL PROTECTED]
> _
> 
> 
> 
> 
> --
> To unsubscribe, e-mail:
> 
> For additional commands, e-mail:
> 
> 
> --
> To unsubscribe, e-mail:
> 
> For additional commands, e-mail:
> 

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

AW: Access-Control for Tomcat-Webserver (Version 4.0.1)

2002-06-06 Thread "Bührle, Martin, FCI1" 

Can You give me an hint how to configure the IPTables or where to read about
this?
Thanks.


Gruesse
 Martin Buehrle

_
Martin Buehrle, FCI1
EADS - European Aeronautic Defence and Space Company
LFK-Lenkflugkoerpersysteme GmbH
Postfach 1661
85705 UNTERSCHLEISSHEIM
Telefon: +49 89 3179-8460
Telefax: +49 89 3179-8927
eMail: [EMAIL PROTECTED]
_



> -Ursprüngliche Nachricht-
> Von:  Wagoner, Mark [SMTP:[EMAIL PROTECTED]]
> Gesendet am:  Donnerstag, 6. Juni 2002 19:17
> An:   'Tomcat Users List'
> Betreff:  RE: Access-Control for Tomcat-Webserver (Version 4.0.1)
> 
> Sorry, I guess I should have read your question more closely.  :o/
> 
> If you are on Linux you can block the request using IPTables when the
> source
> is outside your intranet.
> 
> Otherwise, you may have to write a filter that examines the server port
> and
> requesting IP address.
> 
> 
> -Original Message-
> From: "Bührle, Martin, FCI1" [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 06, 2002 12:38 PM
> To: 'Tomcat Users List'
> Subject: AW: Access-Control for Tomcat-Webserver (Version 4.0.1)
> 
> 
> Hi Mark,
> 
> I cannot remove the standalone-service, because I need it for testing. Due
> to a bug I am not able to see changes out of my CMS-Servlet via
> WARP-Connector and Apache immediately. I just can see it under Port 8080 /
> Tomcat-Standalone-Server until I restart Tomcat in the night.
> 
> We will work on this bug and in the meantime we need another
> access-control-solution.
> 
> Thanks for reply.
> 
> 
> Gruesse
>  Martin Buehrle
> 
> _
> Martin Buehrle, FCI1
> EADS - European Aeronautic Defence and Space Company
> Postfach 1661
> 85705 UNTERSCHLEISSHEIM
> Telefax: +49 89 3179-8927
> eMail: [EMAIL PROTECTED]
> _
> 
> 
> 
> > -Ursprüngliche Nachricht-
> > Von:Wagoner, Mark [SMTP:[EMAIL PROTECTED]]
> > Gesendet am:Donnerstag, 6. Juni 2002 18:13
> > An: 'Tomcat Users List'
> > Betreff:RE: Access-Control for Tomcat-Webserver (Version 4.0.1)
> > 
> > Since you are using WARP exclusively, you can remove the
> > "Tomcat-Standalone"
> > service from your server.xml file.  After you restart Tomcat, it will no
> > longer be listening for HTTP requests.
> > 
> > -Original Message-
> > From: "Bührle, Martin, FCI1" [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, June 06, 2002 12:01 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: Access-Control for Tomcat-Webserver (Version 4.0.1)
> > 
> > 
> > Hi List,
> > 
> > 
> > we have built up a closed Intranet for our employees with an TOmcat
> > (4.0.1),
> > Apache and WARP-Connector - Configuration 
> > and Apache access-control, using the  - directive from Apache.
> > 
> > Our Intranet - Content is served by a Tomcat-servlet.
> > 
> > 
> > The only problem we have, is that you can still reach the content of the
> > CMS-servlet under port 8080 from outside our business unit, because this
> > port is the standard-tomcat HTTP-Server and the apache-access-control
> > doesnt
> > work in this case.
> > 
> > Within the closed intranet we need this tomcat-http-server for testing,
> so
> > I
> > need an access-control feature like the -directive in apache,
> > closing the port 8080 is not a solution so far.
> > 
> > Does anybody know what to to?
> > 
> > Thanks for Your help!
> > 
> > 
> > 
> > 
> > Gruesse
> >  Martin Buehrle
> > 
> >
> _
> > Martin Buehrle, FCI1
> > EADS - European Aeronautic Defence and Space Company
> > Postfach 1661
> > 85705 UNTERSCHLEISSHEIM
> > Telefax: +49 89 3179-8927
> > eMail: [EMAIL PROTECTED]
> >
> _
> > 
> > 
> > 
> > 
> > --
> > To unsubscribe, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > 
> > --
> > To unsubscribe, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> 
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> 
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

AW: Access-Control for Tomcat-Webserver (Version 4.0.1)

2002-06-06 Thread Ralph Einfeldt 

Depending on how good you wan't to disable access from the outside
and what the outside is (other departments, internet) there are at
least the following options:

- Use org.apache.catalina.valves.RemoteHostValve or
  org.apache.catalina.valves.RemoteAddrValve
  To allow/block certain Hosts/IP's.
  Have a look at
  http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/engine.html
 
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/valve.html#Remote
%20Address%20Filter

- Build you own protection.
  E.G. create a filter that checks if the sever port is 8080
  and blocks every request where the client doesn't belong to 
  list of IP's.

- Use authentication
  If you don't want to enter username and password each time
  you login to the application you can use client certificates

- Use a firewall
  To restrict the access inside an intranet it's
  possibe to use a (software) firewall on the server 
  that disables the port for all IP outside of the 
  department.

> -Ursprüngliche Nachricht-
> Von: "Bührle, Martin, FCI1" [mailto:[EMAIL PROTECTED]]
> Gesendet: Donnerstag, 6. Juni 2002 18:01
> An: '[EMAIL PROTECTED]'
> Betreff: Access-Control for Tomcat-Webserver (Version 4.0.1)
> 
> The only problem we have, is that you can still reach the 
> content of the CMS-servlet under port 8080 from outside our 
> business unit, because this port is the standard-tomcat 
> HTTP-Server and the apache-access-control doesnt
> work in this case.
> 

--
To unsubscribe, e-mail:   
For additional commands, e-mail: