For the first question: - Which tomcat do you use ? - Do you run it stand alone or with apache or iis - Which connector do you use
For the second question: I would't do that. It introduces more problems than it helps. Blocking an IP is a dangerous thing. There can be serveral thausend people that have the same IP. They would all be blocked. If you implement somthing like this it's very easy to disable your site for a wide range of users. (If some hackers find out that 'feature' they will play around with that. It's possible to send out packets with faked IP adresses. So if a hacker wants to attack your site, he can issue requests with IP's from proxies with a high user number) Blocking an IP is not very effective, as any hacker who has a provider with dynamic IP's can change his IP with every try. (If you block that IP, the next user that gets this IP will be blocked). The only scenario where this would make sense is an extranet where you know that the each user will have a unique IP. (But in this case I would rather restrict the IP's for the incoming requests) > -----Ursprüngliche Nachricht----- > Von: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] > Gesendet: Freitag, 31. Mai 2002 00:24 > An: [EMAIL PROTECTED] > Betreff: Need Help plz > > > > Hi , > > i need help please in two subjects .. My problems are what > configuration I should have to do in the server to prevent: > > 1) Prohibit downloading the *.jsp files from any client on the > internet... [ I noticed that if I wrote the URL of my site > ending with > myFile.JSP [ JSP in Capital letters] the page not opened ! , but the > server offered me to download the file it self ! ..Which I > don’t want > any user knows this property to download my own source-code jsp files! > > 2) My application is depend on a password > authentication , which > I don’t want any cracker to keep trying > usernames/passwords for > many tries .. How should I tell the server to block an ip > after 3 times > tries [for example] and for how long this ip will be blocked! > > are thses problems related with the Apache server or Tomcat > serve or both > of them !!.. does anyone face like these problems ?! > > > Java_lover : Walid > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>