dku...@ccilindia.co.in wrote:
Hello All,

We are using -
Tomcat Version - 7.0.22
Operating System Version : Windows 2003 server


To close a vulnerability, "To denying the request if it comes through IP address instead of DNS", we have made the below configuration changes in server.xml:


<Engine name="Catalina" defaultHost="server DNS name">
    (defaultHost was set to localhost prior to change)

<Host name="server DNS name" appBase="webapps" unpackWARs="true" autoDeploy="true">
    (Hostname was set to localhost prior to change)



But due to this change we are losing logging in localhost.log in the logs folder of Tomcat. Please suggest how to redirect console logging to a given file or how to retain the localhost.log file of Tomcat.

Kindly also let us know whether, instead of the above settings, any other configuration setting will deny any request if it comes through IP address instead of DNS.


Hi.
What you really need first is to understand how "virtual hosting" works in HTTP web servers in general. HTTP requests do not "come through DNS" or "come through IP address". They all come in the same way, through a TCP/IP connection established by the browser to the IP address of your server.

In short, what you did above was not the right way for what you seem to want.
What you should have done is this:

1) start from a standard configuration again
2) leave the <Host name="localhost"> as it is (also in the <Engine> tag)
3) *add another* <Host name="the DNS name" appBase="(another path to the real webapps)">
That is where your real applications should be.

(and a few more details not entered into here)


Then what will happen is:
- any request addressed to the "DNS name" will be processed by the second Host (the one that you added). That is where your real webapps should be.
- any request with another hostname (or IP address) will be processed by the "default host" (the one named "localhost"). That one should then just have a default webapp, which answers "forbidden" or something like that.

For more details, search Google for "tomcat virtual hosts".
I found a reasonable basic explanation here: http://www.ramkitech.com/2012/02/understanding-virtual-host-concept-in.html


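The layout described in the reply above, written out as an added example that is not part of the original thread: two fragments, one for server.xml and one for the default host's ROOT webapp. The host name app.example.com and the directories webapps-default and webapps-app are placeholders chosen for illustration.

```xml
<!-- Fragment 1: conf/server.xml (inside <Service name="Catalina">) -->
<Engine name="Catalina" defaultHost="localhost">

  <!-- Default host. Tomcat routes here every request whose Host header
       matches no other <Host> name or <Alias>, which includes requests
       addressed to the bare IP address. Keeping the name "localhost"
       also keeps the stock logging.properties logger
       [Catalina].[localhost] matching, so localhost.log is still written. -->
  <Host name="localhost" appBase="webapps-default"
        unpackWARs="true" autoDeploy="false" />

  <!-- Named host (placeholder name). Only requests whose Host header is
       this DNS name reach the real applications in webapps-app. -->
  <Host name="app.example.com" appBase="webapps-app"
        unpackWARs="true" autoDeploy="true" />

</Engine>

<!-- Fragment 2: webapps-default/ROOT/WEB-INF/web.xml
     The only webapp of the default host. A security constraint with an
     empty auth-constraint permits no role at all, so every URL under
     this host is answered with 403 Forbidden. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>deny-everything</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
</web-app>
```

A check after restart: a request sent with the DNS name in the Host header should reach the application, and the same request sent to the IP address should return 403.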