-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Shaik,
On 6/8/17 1:18 AM, Shaik, Mohammad N. wrote: > Hi Olaf & Chris, > > By placing HTTPD 2.x server in front of Tomcat 6, is it possible to > hide Tomcat 6 from external world? I just don’t want people to find > out that I am using Tomcat 6, instead I want them to know that I am > using httpd 2.x server. Is this possible? > > I just need Apache HTTPD server to take care of headers and let > Tomcat do rest of the stuff (which it is already doing in my case). > Do I still need to configure anything other than headers in my > case? Not really. If you configure httpd -> Tomcat, then you can firewall-out everyone from your Tomcat server except the server running httpd. By default, httpd will return its own "Server" header so you don't even need to try to mask Tomcat's existence that way. - -chris > -----Original Message----- From: Olaf Kock > [mailto:tom...@olafkock.de] Sent: 31 May 2017 16:38 To: Tomcat > Users List <users@tomcat.apache.org> Subject: [External] Re: > Security Headers Implementation in Tomcat 6.x version > > Am 29.05.2017 um 13:34 schrieb Shaik, Mohammad N.: >> Hello Olaf, >> >> Thanks for your response! >> >> Based on your inputs, we are thinking to put Apache httpd in >> front of Tomcat 6 server, since our header configuration is going >> to be static. >> >> Can you please help us in identifying which version of Apache >> HTTP Server we can use for Tomcat 6 version? Also, it will be >> great if you can share some guidelines on how to implement Apache >> in front of Tomcat. > > For completeness sake I'd like to answer a few of these questions, > rather briefly. It seems that you're deep into implementing > Christopher's solution of compiling the newer filters for Tomcat > 6. > > Every current Apache httpd is fine, no version restriction. > Especially: Choose one that will get updates for quite a while, not > like the outdated Tomcat version you're running. Read on mod_proxy, > mod_proxy_ajp, mod_jk and mod_proxy_http, which are all keywords on > the connection between Apache and tomcat. Once you've set this up, > setting the headers is a matter of adding the "Header" directive to > httpd's configuration. I understand though, that setting up the > connection can be some task if you've never done that. Especially > if you're using https, and also refer to it in your webapp's code > (e.g. to validate client certs) - but as you give no clue you're > doing that, I'm assuming you don't and the setup would be easy. > > Anyway, feel free to utilize the newer code - I just wanted this > information to be in this thread as well. However, once you're done > with it: Utilize even more newer code and prepare to migrate away > from your discontinued tomcat version. > > Olaf > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > ________________________________ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If > you have received it in error, please notify the sender immediately > and delete the original. Any other use of the e-mail by you is > prohibited. Where allowed by local law, electronic communications > with Accenture and its affiliates, including e-mail and instant > messaging (including content), may be scanned by our systems for > the purposes of information security and assessment of internal > compliance with Accenture policy. > ______________________________________________________________________ ________________ > > www.accenture.com > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZOZqoAAoJEBzwKT+lPKRYVBAP/RotI8+S6dbEVYxNNJtwIoLT LzoBCrxF/VWva8CUqGNrWJNdjy4IUuwiB00zGYZpyXmvIVAjG8H+fq+pocYVTSLz 1q6ZiqLuw3yj2xottS2fBY3lQC3hQawGjP9IX+Y3/qq9lgGNificZ7ok2iBBhlrZ CiwiQSVuvpboawxYKl62kXB6c2pprzGqRZ1l6I+pcir/mMHJ6W0fYXrdxgEk8M9d aY7W0YRugVsCbuAHqpQ+1Jr2jv3+Wme1LknTV9+ixmbHnu0UecoIhseWywDanrQD 1if8Rh/TtuT31wWKu7nn48llofjzmWwNRVjaFeNY9u/zjMkimcQ2B+shSuq81M5H BxcvutplbYhGWED2AS/G/OviNbC+JJiaDXgE+mrH31kNfH9WXS5DH+RZO0q1kxmy gXrBQ4M+XoZgloQQ4Y9kSRfEBeEccr3axtdo7FwpqJjCesLFSfCkUZgGHhOFuGAx JGG4zIu2JLAsNVXu76KSX7JNPvnWoqrYzmrV5uweDU3xf3Mls2A2LuxEOTe5ANOg jDVH6K6UbkplWHvAWKDIUcKyTPKKbk7M5M3zikwdpC+YD7g8oxZHD0kZKtej0y7F dbV4MXJS0M4x/dLvDKX3B1llHTmyHHJ7li02YO/3/tslMJiqZ2xsmSOzxJTxsG5j ZFaXCW7JdKIBmiFR397r =UPn3 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
