阻止访问 Tomcat6 中的某些 Web 应用程序
我问了这个关于服务器故障的问题,但真的没有太多运气,希望这里有人能够提供一些建议......
我有一个 Tomcat 6 服务器运行得很好。我可以进行外部访问。我想知道如何防止某人看到特定的Web应用程序,例如,我不想从外部访问ROOT tomcat页面。我该如何阻止某些 Web 应用程序,同时让其他 Web 应用程序对外部用户可见?
这是我尝试过的: 这会拒绝一切,甚至 127.0.0.1 请求
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="/examples" docBase="" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>
</Context>
</Host>
也会拒绝一切。
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="/examples" docBase="" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="*"/>
</Context>
</Host>
基本上我试图阻止访问 ROOT 默认 tomcat 页面和示例应用程序......
有什么想法吗?
I asked this on server fault but really havent had much luck, hoping that someone here would be able to offer some advice...
I have a Tomcat 6 server running just fine. I have external access working. I wanted to know how to prevent someone from seeing specific webapps, for example, I dont want external access to the ROOT tomcat page. How would I go about preventing some webapps while leaving other webapps visible to external users ?
Here's what I've tried:
This denies everything even 127.0.0.1 requests
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="/examples" docBase="" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>
</Context>
</Host>
This denies everything as well.
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="/examples" docBase="" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="*"/>
</Context>
</Host>
Basically I am trying to prevent access to the ROOT default tomcat page and the example apps....
Any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您不能对允许属性使用通配符...但另一方面,您可以对拒绝属性使用通配符。
这就是为什么我使用上面的代码得到 403 的原因。
我处理这个问题的另一种方法是创建一个 jsp,将流量重定向到我想要的任何地方。
You can't use a wild card for the allow attribute...on the other hand you can use one for the deny attribute.
This is why I was getting a 403 with the above code.
Also another way I handled this was I created a jsp that redirected traffic to wherever I wanted.
看一下文档。
http://tomcat.apache.org/tomcat-6.0-doc/ config/valve.html
你所拥有的似乎是正确的。它说“如果指定了此属性,则远程地址必须匹配才能接受此请求。”
您可能会查看的一件事是查看 127.0.0.1 是否确实是正确的 IP。您实际上可能使用的是盒子的实际 IP。尝试在 localhost 地址之后添加该 IP 地址。
take a look at the documentation.
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html
What you have seems to be correct. it says "If this attribute is specified, the remote address MUST match for this request to be accepted."
One thing you might look at is to see whether 127.0.0.1 is really the correct IP. You might be actually using the actual IP of the box. try adding that IP address after the localhost one.
必须使用反斜杠来定义“allow”属性的值,以转义允许的 IP 地址的点:
The value of the "allow" property must be defined using backslashes to escape the dots of the allowed IP address:
这可能是 IPv6 问题。这就是我的
tomcat6/Catalina/myApp.xml的样子:可以通过以下方法进行测试,如果您被拒绝访问,则会产生
403This could be an IPv6 issue. This is what my
tomcat6/Catalina/myApp.xmllooks like:This can be tested by the following which would yield
403if you're denied access