2 apps

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

2 apps

Sergey Livanov
I have 2 applications. The first is to be allowed from internet, the second
is to enter data. Two apps are in the webapps. How can I configure tomcat
to make cms unvisible from outside.



--
regards,
 Sergey                          mailto:[hidden email]


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: 2 apps

Tim Funk
The safest way is to run 2 instances of tomcat on the device. Once instance
runs on port 80 for the world to see. Then a firewall can block all access to
any other port from the outside.

The other instance runs on a high port for internal use.


Otherwise, look at RemoteAddressValve:
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/engine.html


-Tim

Sergey Livanov wrote:

> I have 2 applications. The first is to be allowed from internet, the second
> is to enter data. Two apps are in the webapps. How can I configure tomcat
> to make cms unvisible from outside.
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: 2 apps

Peter Crowther
In reply to this post by Sergey Livanov
> From: Sergey Livanov [mailto:[hidden email]]
> I have 2 applications. The first is to be allowed from
> internet, the second
> is to enter data. Two apps are in the webapps. How can I
> configure tomcat
> to make cms unvisible from outside.

At least:

1) Use a filter or valve to examine the IP address of the incoming
request, and reject it if the IP address is external to your
organisation.  Add this filter to your invisible app.  Tomcat provides
some valves to do this by default.

2) Define two separate Services in conf/server.xml, each with their own
Connectors, Engines and Hosts.  Ensure the Connectors are on different
ports - say 80 and 8080 - and give them each their own appBase.  Put
your external app in the public appbase, the internal app in the private
appbase.  Now you can prevent external people accessing your internal
app by preventing access to (say) port 8080 from outside your firewall.

No doubt there are other approaches.

                - Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]