and while you're at it, you should block 8005 as someone else pointed out very intelligently the other day.
8005 is tomcat's control port (i don't know the official name). If you type: telnet nameoftomcatserver 8005 Once you connect, type SHUTDOWN and hit return. Tomcat will shut down. So you need to block this port as well, probably from every machine except localhost (it needs to be accessible from localhost if you want tomcat's shutdown script to be able to shut it down!). fillup On 6/6/02 11:04 AM, "Wagoner, Mark" <[EMAIL PROTECTED]> wrote: > Here are a couple: > > http://netfilter.samba.org/documentation/ > > http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html > > > Note that IPTables is for kernel version 2.4.x, 2.2.x used IPChains (you can > find documentation on IPChains at these sites also). > > HTH > > -----Original Message----- > From: "Bührle, Martin, FCI1" [mailto:[EMAIL PROTECTED]] > Sent: Thursday, June 06, 2002 1:43 PM > To: 'Tomcat Users List' > Subject: AW: Access-Control for Tomcat-Webserver (Version 4.0.1) > > > Can You give me an hint how to configure the IPTables or where to read about > this? > Thanks. > > > Gruesse > Martin Buehrle > > _________________________________________________________________________ > Martin Buehrle, FCI1 > EADS - European Aeronautic Defence and Space Company > LFK-Lenkflugkoerpersysteme GmbH > Postfach 1661 > 85705 UNTERSCHLEISSHEIM > Telefon: +49 89 3179-8460 > Telefax: +49 89 3179-8927 > eMail: [EMAIL PROTECTED] > _________________________________________________________________________ > > > >> -----Ursprüngliche Nachricht----- >> Von: Wagoner, Mark [SMTP:[EMAIL PROTECTED]] >> Gesendet am: Donnerstag, 6. Juni 2002 19:17 >> An: 'Tomcat Users List' >> Betreff: RE: Access-Control for Tomcat-Webserver (Version 4.0.1) >> >> Sorry, I guess I should have read your question more closely. :o/ >> >> If you are on Linux you can block the request using IPTables when the >> source >> is outside your intranet. >> >> Otherwise, you may have to write a filter that examines the server port >> and >> requesting IP address. >> >> >> -----Original Message----- >> From: "Bührle, Martin, FCI1" [mailto:[EMAIL PROTECTED]] >> Sent: Thursday, June 06, 2002 12:38 PM >> To: 'Tomcat Users List' >> Subject: AW: Access-Control for Tomcat-Webserver (Version 4.0.1) >> >> >> Hi Mark, >> >> I cannot remove the standalone-service, because I need it for testing. Due >> to a bug I am not able to see changes out of my CMS-Servlet via >> WARP-Connector and Apache immediately. I just can see it under Port 8080 / >> Tomcat-Standalone-Server until I restart Tomcat in the night. >> >> We will work on this bug and in the meantime we need another >> access-control-solution. >> >> Thanks for reply. >> >> >> Gruesse >> Martin Buehrle >> >> _________________________________________________________________________ >> Martin Buehrle, FCI1 >> EADS - European Aeronautic Defence and Space Company >> Postfach 1661 >> 85705 UNTERSCHLEISSHEIM >> Telefax: +49 89 3179-8927 >> eMail: [EMAIL PROTECTED] >> _________________________________________________________________________ >> >> >> >>> -----Ursprüngliche Nachricht----- >>> Von: Wagoner, Mark [SMTP:[EMAIL PROTECTED]] >>> Gesendet am: Donnerstag, 6. Juni 2002 18:13 >>> An: 'Tomcat Users List' >>> Betreff: RE: Access-Control for Tomcat-Webserver (Version 4.0.1) >>> >>> Since you are using WARP exclusively, you can remove the >>> "Tomcat-Standalone" >>> service from your server.xml file. After you restart Tomcat, it will no >>> longer be listening for HTTP requests. >>> >>> -----Original Message----- >>> From: "Bührle, Martin, FCI1" [mailto:[EMAIL PROTECTED]] >>> Sent: Thursday, June 06, 2002 12:01 PM >>> To: '[EMAIL PROTECTED]' >>> Subject: Access-Control for Tomcat-Webserver (Version 4.0.1) >>> >>> >>> Hi List, >>> >>> >>> we have built up a closed Intranet for our employees with an TOmcat >>> (4.0.1), >>> Apache and WARP-Connector - Configuration >>> and Apache access-control, using the <LOCATION> - directive from Apache. >>> >>> Our Intranet - Content is served by a Tomcat-servlet. >>> >>> >>> The only problem we have, is that you can still reach the content of the >>> CMS-servlet under port 8080 from outside our business unit, because this >>> port is the standard-tomcat HTTP-Server and the apache-access-control >>> doesnt >>> work in this case. >>> >>> Within the closed intranet we need this tomcat-http-server for testing, >> so >>> I >>> need an access-control feature like the <Location>-directive in apache, >>> closing the port 8080 is not a solution so far. >>> >>> Does anybody know what to to? >>> >>> Thanks for Your help! >>> >>> >>> >>> >>> Gruesse >>> Martin Buehrle >>> >>> >> _________________________________________________________________________ >>> Martin Buehrle, FCI1 >>> EADS - European Aeronautic Defence and Space Company >>> Postfach 1661 >>> 85705 UNTERSCHLEISSHEIM >>> Telefax: +49 89 3179-8927 >>> eMail: [EMAIL PROTECTED] >>> >> _________________________________________________________________________ >>> >>> >>> >>> >>> -- >>> To unsubscribe, e-mail: >>> <mailto:[EMAIL PROTECTED]> >>> For additional commands, e-mail: >>> <mailto:[EMAIL PROTECTED]> >>> >>> -- >>> To unsubscribe, e-mail: >>> <mailto:[EMAIL PROTECTED]> >>> For additional commands, e-mail: >>> <mailto:[EMAIL PROTECTED]> >> >> -- >> To unsubscribe, e-mail: >> <mailto:[EMAIL PROTECTED]> >> For additional commands, e-mail: >> <mailto:[EMAIL PROTECTED]> >> >> -- >> To unsubscribe, e-mail: >> <mailto:[EMAIL PROTECTED]> >> For additional commands, e-mail: >> <mailto:[EMAIL PROTECTED]> > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
