That I was "shot down in flames" when I tried to get in from my
Chromebook, through the hotspot on my cell phone, makes it unlikely that
Tomcat is seeing a proxy IP, especially given that (as I understand it)
I would have had to authorize the proxy IP to get in from my office IP,
and I have no idea what their proxy IP even is.
What really puzzles me about the whole thing is that the pen-tester
claimed to have gotten a sign-on pane. As I said, this was my first
test-case of setting up a working remote address valve, and while I just
found and removed two unaccounted-for (probably obsolete) authorized
addresses, the odds against the pen-tester trying to get in from one of
those addresses were about two billion to one.
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
