dku...@ccilindia.co.in wrote:
Hello All,
We are using -
Tomcat Version - 7.0.22
Operating System Version : Windows 2003 server
To close a vulnerability, "To denying the request if it comes through IP
address instead of DNS", we have made below configuration changes in
server.xml
<Engine name="Catalina" defaultHost="server DNS name"> defaultHost was
set to localhost prior to change
<Host name= "server DNS name" appBase="webapps" unpackWARs="true"
autoDeploy="true"> Hostname was set to localhost prior to change
But Due this change we are losing logging in localhost.log in logs folder
of TOMCAT, Please suggest how to redirect console logging to a given file
or how to retain the localhost.log file of tomcat.
Kindly also let us know instead of above settings any other configuration
setting will make denial of any request if it comes through IP address
instead of DNS,
Hi.
What you really need first, is to understand how "virtual hosting" works, in HTTP
webservers in general.
HTTP requests do not "come through DNS" or "come through IP address". They all come in
the same way, through a TCP/IP connection established by the browser, to the IP address of
your server.
In short, what you did above was not the right way, for what you seem to want.
What you should have done is this :
1) start from a standard configuration again
2) leave the <Host name="localhost"> as it is (also in the <Engine> tag)
3) *add another* <Host name="the DNS name" appBase="(another path to the real
webapps)"
That is where your real applications should be.
(and a few more details not entered into here)
Then what will happen is :
- any request addressed to the "DNS name" will be processed by the second Host (the one
that you added). That is where your real webapps should be.
- any request with another hostname (or IP address) will be processed by the "default
host" (the one named "localhost"). That one should then just have a default webapp, which
answers "forbidden" or something like that.
For more details, search Google for "tomcat virtual hosts".
I found a reasonable basic explanation here :
http://www.ramkitech.com/2012/02/understanding-virtual-host-concept-in.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org