Hi,
Fred, I think you may be confusing IPFilter (the Solaris-specific
package) with a generic IP filter.  I might be misunderstanding Mladen
myself, but I think he meant a simple configuration of Tomcat's Remote
Address Valve (http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html)
or a similar component at the javax.servlet.Filter level.

Yoav

On 10/18/06, fredk2 <[EMAIL PROTECTED]> wrote:

Hi Mladen,

<my apologies for the reply format>

I am curious about your last statement.
I understand that an IP filter is more secure. However, if I am not
mistaken, to set up IPFilter you need to be a sysadmin (aka Root) and you can
lock yourself out if you do not have physical access to the server(s),
right?

So why not a secret word? It is easy to set and correct. If the file access
permissions are applied properly you can then be certain that the tomcat
will only communicate with the proper Apache(s).  I am sure that the
security gurus would like to see SSL, but that is another thread:)

Thanks - Fred

(Interesting, I just saw that IPFilter is now bundled in Solaris 10, but
many Linux ship with IPTables :(


Mladen Turk wrote:
>
> Rainer Jung wrote:
>> Hi,
>>
>> fredk2 wrote:
>>> The question is - how can you set secret in mod_proxy_ajp ?
>>
>> Not at the moment.
>>
>>> If this feature is not (yet) implemented, can this be easily added -
>>> aka can
>>> we expect this in a later version :) ?
>>>
>>> Please let me know if this post should be made on apache-httpd dev
>>> forum.
>>
>> You'll reach Mladen, who ported mod_jk to mod_proxy_* on this list, but
>> you should better post to httpd-dev to make sure all the other
>> developers are able to read it.
>>
>
> This feature is pretty much useless and gives no higher
> security whatsoever. The same thing can be done by IP Filter
> in Tomcat, that would give much higher security than this.
>
> Regards,
> Mladen.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>

--
View this message in context: 
http://www.nabble.com/mod_proxy_ajp-vs-mod_jk-tf2463710.html#a6877291
Sent from the Tomcat - Dev mailing list archive at Nabble.com.

