Win a copy of Functional Design and Architecture this week in the Functional programming forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

.htacess and tomcat

 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK, I realize tomcat does not know anything about .htaccess files, but I was hoping to cheat by placing a

JkUnMount /.htaccess ajp13

in my apache virtual host conf file.

This does not work. I suspect this approach simply will not work, but can anybody either verify that, or point out what I'm doing wrong? I realize there are other workarounds, but .htaccess is attractive because it doesn't involve restarting services, etc.

Should JkUnMount work in this case? Are there any alternative, simple workarounds?

All software involved here (apache, mod_jk, tomcat) are all very recent versions...

Thanks for any/all advice!
Bill
 
Rancher
Posts: 43026
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My understanding is that .htaccess files apply to the directories they're in. "JkUnMount" doesn't sound like a directory where Apache would serve files from.
 
Saloon Keeper
Posts: 24283
167
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The purpose of .htaccess is to control how requests to a specific document directory are handled. A lot of those options are totally meaningless to Tomcat, and some, such as overrides on how "Index" requests will be handled would be useful to Tomcat, but J2EE doesn't support such controls. For one thing, because a WAR is supposed to be self-contained (all in one directory subtree), and Apache directories can be anywhere.

For raw access control, .htaccess is a bad choice. The J2EE security system is predicated on role-based access control, and the Apache .htaccess file has no concept of user role.

If your reason for wanting to use .htaccess is because you think that changing the list of authorized users requires a Tomcat restart, that's not true. About the only Tomcat security Realm that's that limited was the old MemoryRealm. Which was never intended to be a solution for production systems.

If your reason for wanting to use .htaccess is because you want "one-stop shopping" for security control that blankets both Tomcat and Apache request handling, you should consider a single-signon security option.
 
William Alfred
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks, I think I wasn't totally clear about what I want to accomplish. My ultimate goal for .htaccess (or whatever technology I use) is to DENY certain (and changing) IP addresses. By using .htaccess I had hoped to take maintaining this list of addresses out of my hands and into the hands of a html developer.

in my virtual host, I am using mod_jk to mount my webapp as the root application:

JkMount /* ajp13

By placing a .htaccess file in my apache document root, and issuing a

JkUnMount /.htaccess ajp13

I had *hoped* to have apache handle the .htaccess, and prevent my banned IPs from ever reaching my webapp. I have managed to do the same thing on the apache side of my world within a <Location> directive on my .conf file. This works, but of course it requires a restart of apache, and takes it beyond the capabilities of my html folks.

This approach works with robots.txt, but this is a file a client is *supposed* to read! I had hoped the same approach would be equally successful with .htaccess...

Cheers!
Bill
 
Tim Holloway
Saloon Keeper
Posts: 24283
167
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK. I'm not sure why you thought that using .htaccess in one Apache system would be more dynamic than using it in another - or that's what it sounded like you wanted, but anyway...

Apache's mod_jk is a proxy. so it's not really the "root" of your tomcat app, it's the translation mechanism to tunnel a request coming in from Apache to a Tomcat webapp(s). So .htaccess, being directory-oriented would be a real stretch.

There is a way to blacklist IPs from Tomcat, and that's by using a Tomcat Valve. There should be one that performs the IP filtering that you want already available with the stock Tomcat, although it's probably not using .htaccess-format.

Actually, people I really have it in for get banned at the firewall, including anyone trying to do anything from Taiwan's HINET - they host too many spammers and mail hijackers, so they're blocked across the board.

Mostly if you get through my firewall, I figure that if you have security credentials, you're cleared to whatever roles you were granted, and the non-secured resources were all intended to be accessible to anyone anyway.
 
William Alfred
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks! You have confirmed what I had determined to be true by trial and error... Moving forward, I'll use a Valve. Firewall may be an option down the road, but that involves me appealing to a higher authority which is a pain in the neck. But for now, a Valve will work nicely.

Appreciate all the advice!
Bill
 
Let's go to the waterfront with this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic