Joe,

On 11/16/2009 2:13 PM, joeweder wrote:
> We have an application where the user comes in through 8443 via https.
>
> But the same app also communicates headlessly with other apps through a
> separate data port (also https).

What port is that? Do these apps happen to be on the same machine? Same
network segment? Can you predict where officially-sanctioned requests
are coming from?

> Question: How can I disable browser access through a specific port but
> continue to allow headless https through?

Short answer: bind the "private" <Connector> to 127.0.0.1 and outside
clients cannot connect.

Not on localhost? You could use an SSH tunnel, or you could use IP-based
filtering to reject requests not coming from known hosts.

I agree with Peter's response, that you ought to force your clients to
authenticate themselves to your webapp -- including "trusted" webapp
clients.

-chris
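Added example, not part of the original message or of the Tomcat project's own configuration: a conf/server.xml fragment showing the loopback binding suggested above, next to the user-facing connector from the question. Port 9443, the keystore and truststore paths and passwords are placeholders, the TLS attributes use the older per-Connector style, and the client-certificate setting is an assumption about one way to make headless clients authenticate.

```xml
<!-- Added example: conf/server.xml fragment. Port 9443 and all keystore
     and truststore values are placeholders, not values from the thread. -->
<Service name="Catalina">

  <!-- User-facing HTTPS connector from the question. With no "address"
       attribute it listens on every interface of the host, which is what
       you want for browsers and what you do not want for the data port. -->
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/keystore.jks" keystorePass="CHANGE_ME"
             clientAuth="false" />

  <!-- "Private" data connector. address="127.0.0.1" pins the listening
       socket to loopback, so only processes on this machine (or the local
       end of an SSH tunnel terminating here) can open a connection.
       clientAuth="true" (assumption: one possible way to authenticate
       headless clients) additionally requires a certificate signed by a
       CA in the truststore, so a browser without one fails the handshake. -->
  <Connector port="9443" address="127.0.0.1"
             protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/keystore.jks" keystorePass="CHANGE_ME"
             truststoreFile="conf/clients-truststore.jks"
             truststorePass="CHANGE_ME"
             clientAuth="true" />

  <!-- Both connectors feed the same Engine, so Valves placed in the
       Engine, Host or Context see requests from either port. -->
  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" />
  </Engine>

</Service>
```

After a restart, a socket listing on the host should show the data port bound to 127.0.0.1 only, while 8443 stays bound to the wildcard address.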