On 5/12/2014 3:32 PM, Christopher Schultz wrote:

Deepak,

On 5/12/14, 10:42 AM, dku...@ccilindia.co.in wrote:
We are using - Tomcat Version - 7.0.22

You should upgrade. Really. We are currently on Tomcat 7.0.53, which
includes improvements and security fixes relative to 7.0.22.

Operating System Version: Windows 2003 server

Isn't support for that dead, now? Maybe it's distinct from Windows XP.

It's only desktop/consumer XP that has timed out. Server 2003 support runs about another year. XP Embedded has about two more years.

To close a vulnerability, "to deny the request if it comes
through an IP address instead of DNS", we have made the configuration
changes below in server.xml:

<Engine name="Catalina" defaultHost="server DNS name">

(defaultHost was set to localhost prior to the change)

You didn't need to do this. Instead, you could make a smaller change
that introduces a new <Host> within your existing engine. The name of
the host would be the IP-address of the server instead of its DNS name.

I'm curious as to why you think that responding to a request that uses
the server's IP address is a vulnerability.

But due to this change we are losing logging in localhost.log in the
logs folder of Tomcat. Please suggest how to redirect console logging
to a given file, or how to retain the localhost.log file of Tomcat.

The console log goes to catalina.out regardless of the Engine, Host,
etc. If you didn't configure a logger for your host, I think you'll
get nothing.

You will need to modify conf/logging.properties to route messages for
your new <Host> to the existing "localhost" log file.

Kindly also let us know whether, instead of the above settings, any
other configuration setting will deny any request if it comes through
an IP address instead of DNS.

You could also install a Filter into your web application that simply
rejects all requests whose Host header does not match your DNS
hostname. No configuration in Tomcat would be necessary: just a new
class in your web application and (possibly) a bit of configuration in
your WEB-INF/web.xml file.

Hope that helps,
-chris
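
The Host-header Filter that Chris suggests at the end of his reply, written out as an added example. This is not code from the thread or from the Tomcat project; the package name, the class name HostHeaderFilter, the init-param name allowedHosts and the hostname app.example.com are assumptions for illustration. It runs on the Servlet 3.0 API that Tomcat 7 provides, so the @WebFilter annotation registers it without any web.xml entry (unless web.xml sets metadata-complete="true", in which case declare the filter there instead and pass allowedHosts as an init-param).

```java
package example.security; // hypothetical package name

import java.io.IOException;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Rejects every request whose Host header is not one of the configured DNS
 * names. A request addressed by IP address (Host: 10.0.0.5) or an HTTP/1.0
 * request with no Host header at all gets a 404, so the application is never
 * served under a name it did not expect. Nothing in server.xml has to change.
 */
@WebFilter(urlPatterns = "/*",
           initParams = @WebInitParam(name = "allowedHosts",      // assumed init-param name
                                      value = "app.example.com")) // assumed hostname
public class HostHeaderFilter implements Filter {

    private Set<String> allowedHosts;

    @Override
    public void init(FilterConfig config) throws ServletException {
        String value = config.getInitParameter("allowedHosts");
        if (value == null || value.trim().isEmpty()) {
            // Fail closed: a misconfigured filter must not silently allow everything.
            throw new ServletException("allowedHosts init-param is required");
        }
        allowedHosts = new HashSet<String>();
        for (String host : value.split(",")) {
            allowedHosts.add(normalize(host));
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (!isAllowed(request.getHeader("Host"))) {
            // 404 rather than a redirect: a redirect built from the Host header
            // would hand the attacker-controlled value straight back to the client.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res);
    }

    /** True only for an exact (case-insensitive, port-stripped) match on the allow-list. */
    boolean isAllowed(String hostHeader) {
        if (hostHeader == null) {
            return false; // no Host header at all (HTTP/1.0 client or scanner)
        }
        return allowedHosts.contains(normalize(hostHeader));
    }

    /** Lower-case, trim, and drop a trailing :port so "App.Example.COM:8080" matches. */
    static String normalize(String host) {
        String h = host.trim().toLowerCase(Locale.ROOT);
        if (h.startsWith("[")) {
            // Bracketed IPv6 literal: cut after the closing bracket, before any :port.
            int end = h.indexOf(']');
            return end > 0 ? h.substring(0, end + 1) : h;
        }
        int colon = h.indexOf(':');
        return colon >= 0 ? h.substring(0, colon) : h;
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

Two things worth knowing before deploying it. First, the check is on the literal Host header, not on getServerName(), so a request that reaches the server by IP but carries the correct DNS name in its Host header is still accepted; that is exactly why Chris asks what vulnerability the change is meant to close, since a client that can set the header can name the host. Second, keep allowedHosts in sync with every name the site is legitimately reached by (including any name a load balancer or reverse proxy forwards), or health checks and internal callers that use other names will start receiving 404s.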

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org