Can't you just block the port ? That's what I do on my machine : the port 8080 is unavailable from the outside, just from localhost. So my manager webapp is almost flawlessly protected. I only redirect those apps that I need to port 80 using apache / mod_jk.
HTH, Pierre On Wed, Nov 5, 2008 at 10:54 PM, einojah <[EMAIL PROTECTED]> wrote: > > Hello, > > I have an admin area in my application I want to secure. > I know I can define a security constraint to set a basic or digest > authentication for a url pattern. > > But, I don't want the /admin area to be shown outside at all. The basic > authentication is extremely weak and digest auth. also doesn't provide > enough security. > > Is it possible to "hide" an url pattern on the outside, but have it > available when accessing from the server machine? > > thanks.. > > -- > View this message in context: > http://www.nabble.com/Is-it-possible-to-%22hide%22-tomcat-resource-from-outside--tp20349038p20349038.html > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Parce que c'est la nuit qu'il est beau de croire en la lumière.