This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Tomcat and the fly likes   Tomcat IIS security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "  Tomcat IIS security" Watch "  Tomcat IIS security" New topic
Author

Tomcat IIS security

ravitadakamalla
Greenhorn

Joined: Sep 27, 2001
Posts: 4
Hi!
I have a small web application running on tomcat and i am using IIS for security reasons. If access my application through the port of IIS like http://ip:iisport/index.html the request goes through IIS and the NT security is implemented. But if i use the tomcat port like http://ip:tomcatport/index.html the request is by passing the IIS and directly accessing the application.
If some one knows the port of tomcat the real security problem arises.
I want to force the users to go through IIS.
Is there any way to implement this?
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15959
    
  19

You're using <b>IIS</b> for <b><i>SECURITY REASONS???!!!</i><b>
OK, I've stopped choking. I understand what you mean.
Normally, blocking ports is the job of the firewall. However, NT has no internal firewall, nor, does Win2K (I think), so you'd need an external box. Failing that, you might patch the Tomcat pipeline to only accept requests with the server's local IP address. Catalina should be easy to do that to, since it has very clean lines between its subsystems.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Tomcat IIS security
 
Similar Threads
Servlets on IIS
Servlet support for Microsoft IIS
Jsp's and Servlets under IIS
What server for W2000
Tomcat and IIS