> From: Mark Claassen [mailto:[EMAIL PROTECTED]
> Say Tomcat is on a machine called TestMachine.
> If I put "127.0.0.1" in the address field, it accepts
> connections of the
> form "http: //127.0.0.1/..." only
> It does not accept connections from "http:
> //TestMachine/...", even though
> the server is this same machine.
> I was hoping that it would accept all connections from the
> local machine,
> regardless of what the connection was called.
>
> Is there a way to do this?
Yes. Add '127.0.0.1 TestMachine' into testmachine's /etc/hosts file.
> Is this be design?
Yes - IP design. If you make a connection to an IP address, the
receiving socket must be bound to that IP address. If the name
TestMachine maps to (say) 10.0.0.1, the IP stack will make the outbound
connection to 10.0.0.1:80. But here you've elected not to bind the
socket to 10.0.0.1:80, so the inbound connection will fail.
> Can IP spoofing get around this protection?
Not trivially, as you have to spoof the destination IP address, not the
source. I wouldn't like to spoof it over the Internet - you'd have to
compromise each router by some means. Yes on the same subnet, by
obtaining the MAC address for one of TestMachine's network adapters and
crafting an IP datagram with a forged destination address. This could
be protected against by the input policy on the adapter blocking
datagrams with a 127.0.0.1 destination address - or, in fact, any
address other than one of the legitimate IP addresses bound to that
adapter (plus any multicasts you use).
- Peter
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
