Hi! I have a small web application running on tomcat and i am using IIS for security reasons. If access my application through the port of IIS like http://ip:iisport/index.html the request goes through IIS and the NT security is implemented. But if i use the tomcat port like http://ip:tomcatport/index.html the request is by passing the IIS and directly accessing the application. If some one knows the port of tomcat the real security problem arises. I want to force the users to go through IIS. Is there any way to implement this?
You're using <b>IIS</b> for <b><i>SECURITY REASONS???!!!</i><b> OK, I've stopped choking. I understand what you mean. Normally, blocking ports is the job of the firewall. However, NT has no internal firewall, nor, does Win2K (I think), so you'd need an external box. Failing that, you might patch the Tomcat pipeline to only accept requests with the server's local IP address. Catalina should be easy to do that to, since it has very clean lines between its subsystems.
Customer surveys are for companies who didn't pay proper attention to begin with.