> From: Mark Claassen [mailto:[EMAIL PROTECTED] > Say Tomcat is on a machine called TestMachine. > If I put "127.0.0.1" in the address field, it accepts > connections of the > form "http: //127.0.0.1/..." only > It does not accept connections from "http: > //TestMachine/...", even though > the server is this same machine. > I was hoping that it would accept all connections from the > local machine, > regardless of what the connection was called. > > Is there a way to do this?
Yes. Add '127.0.0.1 TestMachine' into testmachine's /etc/hosts file. > Is this be design? Yes - IP design. If you make a connection to an IP address, the receiving socket must be bound to that IP address. If the name TestMachine maps to (say) 10.0.0.1, the IP stack will make the outbound connection to 10.0.0.1:80. But here you've elected not to bind the socket to 10.0.0.1:80, so the inbound connection will fail. > Can IP spoofing get around this protection? Not trivially, as you have to spoof the destination IP address, not the source. I wouldn't like to spoof it over the Internet - you'd have to compromise each router by some means. Yes on the same subnet, by obtaining the MAC address for one of TestMachine's network adapters and crafting an IP datagram with a forged destination address. This could be protected against by the input policy on the adapter blocking datagrams with a 127.0.0.1 destination address - or, in fact, any address other than one of the legitimate IP addresses bound to that adapter (plus any multicasts you use). - Peter --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]