"André Warnier" <a...@ice-sa.com> wrote in message news:4b294eb6.4090...@ice-sa.com...
> Martin B. Smith wrote:
>> Howdy!
>>
>> I'm trying to ensure that only specific instances of Apache are allowed
>> to proxy requests into my Tomcat 5.5.28 instances. Unfortunately, it
>> looks like Tomcat is seeing the actual client IP making the original
>> request to Apache. Does anyone have a configuration that only allows
>> specific Apache (mod_)proxies to be serviced by Tomcat?
>>
> Of course if you are under Linux, you could use iptables to block
> requests to port 8009, from hosts you don't like.
> And if you are under Windows, you could use the Windows firewall or
> filtering rules.
> Probably even more efficient than doing this at the Tomcat level.

Yes, but if the OP wants to block all access to Tomcat, it is even easier to just not have the worker configured on those Apaches that shouldn't contact it.

As a result, I'm guessing that the OP wants to restrict access to certain webapps.

The good news is that with the AJP connector, request.getLocalName() returns the name of the Apache server (as specified by the ServerName directive), not the Tomcat server. And request.getLocalAddr() returns the IP address of request.getLocalName() as it resolves on the Tomcat machine. With that information it isn't hard to write a Filter that does what you want.

For the truly lazy, it would also be trivial to copy RemoteAddrValve to LocalAddrValve and have it check localAddr instead of remoteAddr.