This week's book giveaways are in the Refactoring and Agile forums.
We're giving away four copies each of Re-engineering Legacy Software and Docker in Action and have the authors on-line!
See this thread and this one for details.
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Tomcat IIS security

 
ravitadakamalla
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
I have a small web application running on tomcat and i am using IIS for security reasons. If access my application through the port of IIS like http://ip:iisport/index.html the request goes through IIS and the NT security is implemented. But if i use the tomcat port like http://ip:tomcatport/index.html the request is by passing the IIS and directly accessing the application.
If some one knows the port of tomcat the real security problem arises.
I want to force the users to go through IIS.
Is there any way to implement this?
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18014
47
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're using <b>IIS</b> for <b><i>SECURITY REASONS???!!!</i><b>
OK, I've stopped choking. I understand what you mean.
Normally, blocking ports is the job of the firewall. However, NT has no internal firewall, nor, does Win2K (I think), so you'd need an external box. Failing that, you might patch the Tomcat pipeline to only accept requests with the server's local IP address. Catalina should be easy to do that to, since it has very clean lines between its subsystems.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic