Hi everyone.

I successfully managed to configure a apache2 installation to show me a
tomcat6 (port 8080) on the port 80 of a certain domain.

However, to do this, I had to comment all the raws of the file:
/etc/apache2/mods-enabled/proxy.conf
So actually it's "allow from all"

I know that this is dangerous, so I'm asking help to you on how to
configure things, because I tryed everything but the bridge don't works.

====================================================
This is the bridge with the virtualhost:
<VirtualHost *:80>
ServerAdmin "webmaster [at] TOMCATWEBSITE.com"
ServerName www.TOMCATWEBSITE.com

ProxyPreserveHost On
ProxyPass / http://www.TOMCATWEBSITE.com:8080/
ProxyPassReverse / http://www.TOMCATWEBSITE.com:8080/
ProxyPassReverseCookieDomain www.TOMCATWEBSITE.com:8080
www.TOMCATWEBSITE.com
ProxyPassReverseCookiePath / /

LogLevel warn
CustomLog /var/log/apache2/TOMCATWEBSITE_access.log vhost_combined
ErrorLog /var/log/apache2/TOMCATWEBSITE_error.log


RewriteEngine on
RewriteRule ^/TOMCATWEBSITE/(.*)$
http://www.TOMCATWEBSITE.com/$1 [L]
<location "/WEB-INF/">
# AllowOverride None
deny from all
</location>

</VirtualHost>
====================================================
That is the configuration that I tryed and it's not working:
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
# Allow from www.TOMCATWEBSITE.com
</Proxy>
====================================================


Thank you.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd.apache.org
" from the digest: users-digest-unsubscribe [at] httpd.apache.org
For additional commands, e-mail: users-help [at] httpd.apache.org

T24gTW9uLCBKYW4gNCwgMjAxMCBhdCAxMjozOCBQTSwgQWx2aXNlIE5pY29s ZXR0aQo8bGlzdHNA
YWx2aXNlbmljb2xldHRpLmNvbT4gd3JvdGU6Cj4gPT09PT09PT09PT09PT09 PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PQo+IFRoYXQgaXMgdGhlIGNvbmZp Z3VyYXRpb24gdGhh
dCBJIHRyeWVkIGFuZCBpdCdzIG5vdCB3b3JraW5nOgo+IKAgoCCgIDxQcm94 eSAqPgo+IKAgoCCg
IKAgoCCgIKAgQWRkRGVmYXVsdENoYXJzZXQgb2ZmCj4goCCgIKAgoCCgIKAg oCBPcmRlciBkZW55
LGFsbG93Cj4goCCgIKAgoCCgIKAgoCBEZW55IGZyb20gYWxsCj4gIyCgIKAg oCCgIKAgoCBBbGxv
dyBmcm9tIHd3dy5UT01DQVRXRUJTSVRFLmNvbQo+IKAgoCCgIDwvUHJveHk+ Cj4gPT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQoK IkFsbG93IiByZXN0
cmljdHMgdGhlIGNsaWVudCwgb3IgYnJvd3NlciwgYWRkcmVzcy9ob3N0bmFt ZS4gIFlvdSBzZWVt
CnRvIGhhdmUgbGlzdGVkIHlvdXIgb3JpZ2luIChiYWNrZW5kKSBzZXJ2ZXIg aW5zdGVhZC4KCldo
YXQgd2VyZSB5b3UgdHJ5aW5nIHRvIHJlc3RyaWN0PwoKLS0gCkVyaWMgQ292 ZW5lcgpjb3ZlbmVy
QGdtYWlsLmNvbQo=

--------------000005020200050406060400
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Eric Covener wrote:
> On Mon, Jan 4, 2010 at 12:38 PM, Alvise Nicoletti
> <lists [at] alvisenicoletti.com> wrote:
>
>> ====================================================
>> That is the configuration that I tryed and it's not working:
>> <Proxy *>
>> AddDefaultCharset off
>> Order deny,allow
>> Deny from all
>> # Allow from www.TOMCATWEBSITE.com
>> </Proxy>
>> ====================================================
>>
>
> "Allow" restricts the client, or browser, address/hostname. You seem
> to have listed your origin (backend) server instead.
>
> What were you trying to restrict?
>
>
I am trying to restrict everyone but that website ...

Actually that configuration you quoted is ALL commented so I don't have
any allow/deny.

If I put it like you wrote, the bridged website on tomcat goes on timeout.


So wich is the right way?

--------------000005020200050406060400
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Eric Covener wrote:
<blockquote
cite="mid:1404e5911001040941h2d060f5q249aae94e06e64f0 [at] mail.g mail.com"
type="cite">
<pre wrap="">On Mon, Jan 4, 2010 at 12:38 PM, Alvise Nicoletti
<a class="moz-txt-link-rfc2396E" href="mailto:lists [at] alvisenicoletti.com"><lists [at] alvisenicoletti.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">====================================================
That is the configuration that I tryed and it's not working:
      <Proxy *>
              AddDefaultCharset off
              Order deny,allow
              Deny from all
#             Allow from <a class="moz-txt-link-abbreviated" href="http://www.TOMCATWEBSITE.com">www.TOMCATWEBSITE.com</a>
      </Proxy>
====================================================
</pre>
</blockquote>
<pre wrap=""><!---->
"Allow" restricts the client, or browser, address/hostname. You seem
to have listed your origin (backend) server instead.

What were you trying to restrict?

</pre>
</blockquote>
I am trying to restrict everyone but that website ...<br>
<br>
Actually that configuration you quoted is ALL commented so I don't have
any allow/deny.<br>
<br>
If I put it like you wrote, the bridged website on tomcat goes on
timeout.<br>
<br>
<br>
So wich is  the right way?<br>
</body>
</html>

--------------000005020200050406060400--

--------------050806040805020305030904
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Eric Covener wrote:
> On Mon, Jan 4, 2010 at 12:38 PM, Alvise Nicoletti
> <lists [at] alvisenicoletti.com> wrote:
>
>> ====================================================
>> That is the configuration that I tryed and it's not working:
>> <Proxy *>
>> AddDefaultCharset off
>> Order deny,allow
>> Deny from all
>> # Allow from www.TOMCATWEBSITE.com
>> </Proxy>
>> ====================================================
>>
>
> "Allow" restricts the client, or browser, address/hostname. You seem
> to have listed your origin (backend) server instead.
>
> What were you trying to restrict?
>
>
Hi ...

This is my ACTUAL configuration:
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
</Proxy>
ProxyVia On
</IfModule>
So I'm open like a californian beach.

I would like to restrict access to everything-but-mywebsite like the
example:

<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all

Allow from www.TOMCATWEBSITE.com
</Proxy>
ProxyVia On
</IfModule>

But this is not making work the tomcat6-apache2 bridge.
So I need your help to understand the right configuration.

This is the TOMCATWEBSITE.COM virtual host conf:
<VirtualHost *:80>
ServerAdmin "webmaster [at] TOMCATWEBSITE.com"
ServerName www.TOMCATWEBSITE.com

ProxyPreserveHost On
ProxyPass / http://www.TOMCATWEBSITE.com:8080/
ProxyPassReverse / http://www.TOMCATWEBSITE.com:8080/
ProxyPassReverseCookieDomain www.TOMCATWEBSITE.com:8080
www.TOMCATWEBSITE.com
ProxyPassReverseCookiePath / /

LogLevel warn
CustomLog /var/log/apache2/TOMCATWEBSITE_access.log vhost_combined
ErrorLog /var/log/apache2/TOMCATWEBSITE_error.log


RewriteEngine on
RewriteRule ^/TOMCATWEBSITE/(.*)$ http://www.TOMCATWEBSITE.com/$1
[L]
<location "/WEB-INF/">
# AllowOverride None
deny from all
</location>

</VirtualHost>

--------------050806040805020305030904
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Eric Covener wrote:
<blockquote
cite="mid:1404e5911001040941h2d060f5q249aae94e06e64f0 [at] mail.g mail.com"
type="cite">
<pre wrap="">On Mon, Jan 4, 2010 at 12:38 PM, Alvise Nicoletti
<a class="moz-txt-link-rfc2396E" href="mailto:lists [at] alvisenicoletti.com"><lists [at] alvisenicoletti.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">====================================================
That is the configuration that I tryed and it's not working:
      <Proxy *>
              AddDefaultCharset off
              Order deny,allow
              Deny from all
#             Allow from <a class="moz-txt-link-abbreviated" href="http://www.TOMCATWEBSITE.com">www.TOMCATWEBSITE.com</a>
      </Proxy>
====================================================
</pre>
</blockquote>
<pre wrap=""><!---->
"Allow" restricts the client, or browser, address/hostname. You seem
to have listed your origin (backend) server instead.

What were you trying to restrict?

</pre>
</blockquote>
Hi ...<br>
<br>
This is my ACTUAL configuration:<br>
<IfModule mod_proxy.c><br>
        ProxyRequests Off<br>
        <Proxy *><br>
                AddDefaultCharset off<br>
        </Proxy><br>
        ProxyVia On<br>
</IfModule><br>
So I'm open like a californian beach.<br>
<br>
I would like to restrict access to everything-but-mywebsite like the
example:<br>
<pre wrap=""><IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all

            Allow from <a class="moz-txt-link-abbreviated" href="http://www.TOMCATWEBSITE.com">www.TOMCATWEBSITE.com</a>
</Proxy>
ProxyVia On
</IfModule>

</pre>
But this is not making work the tomcat6-apache2 bridge.<br>
So I need your help to understand the right configuration.<br>
<br>
This is the TOMCATWEBSITE.COM virtual host conf:<br>
<VirtualHost *:80>
<br>
       ServerAdmin  <a class="moz-txt-link-rfc2396E"
href="mailto:webmaster [at] TOMCATWEBSITE.com">"webmaster [at] TOMCATW EBSITE.com"</a>
<br>
       ServerName <a class="moz-txt-link-abbreviated"
href="http://www.TOMCATWEBSITE.com">www.TOMCATWEBSITE.com</a>
<br>
<br>
       ProxyPreserveHost   On
<br>
       ProxyPass / <a class="moz-txt-link-freetext"
href="http://www.TOMCATWEBSITE.com:8080/">http://www.TOMCATW EBSITE.com:8080/</a>
<br>
       ProxyPassReverse / <a class="moz-txt-link-freetext"
href="http://www.TOMCATWEBSITE.com:8080/">http://www.TOMCATW EBSITE.com:8080/</a>
<br>
       ProxyPassReverseCookieDomain <a class="moz-txt-link-abbreviated"
href="http://www.TOMCATWEBSITE.com:8080">www.TOMCATWEBSITE.c om:8080</a>
<a class="moz-txt-link-abbreviated" href="http://www.TOMCATWEBSITE.com">www.TOMCATWEBSITE.com</a>
<br>
       ProxyPassReverseCookiePath / /
<br>
<br>
       LogLevel warn
<br>
       CustomLog /var/log/apache2/TOMCATWEBSITE_access.log
vhost_combined
<br>
       ErrorLog /var/log/apache2/TOMCATWEBSITE_error.log
<br>
<br>
<br>
       RewriteEngine on
<br>
       RewriteRule ^<i class="moz-txt-slash"><span class="moz-txt-tag">/</span>TOMCATWEBSITE<span
class="moz-txt-tag">/</span></i>(.*)$ <a class="moz-txt-link-freetext"
href="http://www.TOMCATWEBSITE.com/$1">http://www.TOMCATWEBS ITE.com/$1</a>
[L]
<br>
       <location "<i class="moz-txt-slash"><span class="moz-txt-tag">/</span>WEB-INF<span
class="moz-txt-tag">/</span></i>">
<br>
               # AllowOverride None
<br>
               deny from all
<br>
       </location>
<br>
<br>
</VirtualHost>
<br>
</body>
</html>

--------------050806040805020305030904--

On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
<lists [at] alvisenicoletti.com> wrote:
> I would like to restrict access to everything-but-mywebsite like the
> example:

>
> <IfModule mod_proxy.c>
> ProxyRequests Off
> <Proxy *>
> AddDefaultCharset off
> Order deny,allow
> Deny from all
>
> =A0 =A0 =A0 =A0 =A0 =A0 Allow from www.TOMCATWEBSITE.com
> </Proxy>
> ProxyVia On
> </IfModule>


That restricts access "from" an [client] address, not access "to" a
backend [webserver] address.

If you're running a reverse proxy only (ProxyRequests off), and you've
told it to connect to a specific backend via ProxyPass, I don't see
why you need furtherer configuration to restrict anything.

--
Eric Covener
covener [at] gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd.apache.org
" from the digest: users-digest-unsubscribe [at] httpd.apache.org
For additional commands, e-mail: users-help [at] httpd.apache.org

--------------010700080707090409070005
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Eric Covener wrote:
> On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
> <lists [at] alvisenicoletti.com> wrote:
>
>> I would like to restrict access to everything-but-mywebsite like the
>> example:
>>
>
>
>> <IfModule mod_proxy.c>
>> ProxyRequests Off
>> <Proxy *>
>> AddDefaultCharset off
>> Order deny,allow
>> Deny from all
>>
>> Allow from www.TOMCATWEBSITE.com
>> </Proxy>
>> ProxyVia On
>> </IfModule>
>
>
> That restricts access "from" an [client] address, not access "to" a
> backend [webserver] address.
>
> If you're running a reverse proxy only (ProxyRequests off), and you've
> told it to connect to a specific backend via ProxyPass, I don't see
> why you need furtherer configuration to restrict anything.
>
>
mhh ...

the point is that the original configuration in my webserver was:

<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
</Proxy>
ProxyVia On
</IfModule>


And everthing was working, BUT, I had to remove everything to make the
tomcat6-apache2 bridge work.
Also, in the header of that file I found written:
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.

So I guess this is not good:
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
</Proxy>
ProxyVia On
</IfModule>



Or is it ok?

--------------010700080707090409070005
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Eric Covener wrote:
<blockquote
cite="mid:1404e5911001060309k6db65edauf28a863480fdd068 [at] mail. gmail.com"
type="cite">
<pre wrap="">On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
<a class="moz-txt-link-rfc2396E" href="mailto:lists [at] alvisenicoletti.com"><lists [at] alvisenicoletti.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I would like to restrict access to everything-but-mywebsite like the
example:
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<pre wrap=""><IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all

            Allow from <a class="moz-txt-link-abbreviated" href="http://www.TOMCATWEBSITE.com">www.TOMCATWEBSITE.com</a>
</Proxy>
ProxyVia On
</IfModule></pre>
</blockquote>
<pre wrap=""><!---->

That restricts access "from" an [client] address, not access "to" a
backend [webserver] address.

If you're running a reverse proxy only (ProxyRequests off), and you've
told it to connect to a specific backend via ProxyPass, I don't see
why you need furtherer configuration to restrict anything.

</pre>
</blockquote>
mhh ...<br>
<br>
the point is that the original configuration in my webserver was:<br>
<pre wrap=""><IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
</Proxy>
ProxyVia On
</IfModule></pre>
<br>
And everthing was working, BUT, I had to remove everything to make the
tomcat6-apache2 bridge work.<br>
Also, in the header of that file I found written:<br>
        #turning ProxyRequests on and allowing proxying from all may
allow<br>
        #spammers to use your proxy to send email.<br>
<br>
So I guess this is not good:<br>
<IfModule mod_proxy.c><br>
        ProxyRequests Off<br>
        <Proxy *><br>
                AddDefaultCharset off<br>
        </Proxy><br>
        ProxyVia On<br>
</IfModule><br>
<br>
<br>
<br>
Or is it ok?<br>
</body>
</html>

--------------010700080707090409070005--

--------------010309010607020404080405
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Alvise Nicoletti wrote:
> Eric Covener wrote:
>> On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
>> <lists [at] alvisenicoletti.com> wrote:
>>
>>> I would like to restrict access to everything-but-mywebsite like the
>>> example:
>>>
>>
>>
>>> <IfModule mod_proxy.c>
>>> ProxyRequests Off
>>> <Proxy *>
>>> AddDefaultCharset off
>>> Order deny,allow
>>> Deny from all
>>>
>>> Allow from www.TOMCATWEBSITE.com
>>> </Proxy>
>>> ProxyVia On
>>> </IfModule>
>>
>>
>> That restricts access "from" an [client] address, not access "to" a
>> backend [webserver] address.
>>
>> If you're running a reverse proxy only (ProxyRequests off), and you've
>> told it to connect to a specific backend via ProxyPass, I don't see
>> why you need furtherer configuration to restrict anything.
>>
>>
> mhh ...
>
> the point is that the original configuration in my webserver was:
> <IfModule mod_proxy.c>
> ProxyRequests Off
> <Proxy *>
> AddDefaultCharset off
> Order deny,allow
> Deny from all
> </Proxy>
> ProxyVia On
> </IfModule>
>
> And everthing was working, BUT, I had to remove everything to make the
> tomcat6-apache2 bridge work.
> Also, in the header of that file I found written:
> #turning ProxyRequests on and allowing proxying from all may allow
> #spammers to use your proxy to send email.
>
> So I guess this is not good:
> <IfModule mod_proxy.c>
> ProxyRequests Off
> <Proxy *>
> AddDefaultCharset off
> </Proxy>
> ProxyVia On
> </IfModule>
>
>
>
> Or is it ok?

Do you guy confirm that leaving a webserver with mod_proxy.c enabled but
with no rules is a good thing?

So I relax up a bit ...

--------------010309010607020404080405
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Alvise Nicoletti wrote:
<blockquote cite="mid:4B447319.3060405 [at] alvisenicoletti.com" type="cite">
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
Eric Covener wrote:
<blockquote
cite="mid:1404e5911001060309k6db65edauf28a863480fdd068 [at] mail. gmail.com"
type="cite">
<pre wrap="">On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
<a moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:lists [at] alvisenicoletti.com"><lists [at] alvisenicoletti.com ></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I would like to restrict access to everything-but-mywebsite like the
example:
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<pre wrap=""><IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all

            Allow from <a moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="http://www.TOMCATWEBSITE.com">www.TOMCATWEBSITE.com</a>
</Proxy>
ProxyVia On
</IfModule></pre>
</blockquote>
<pre wrap=""><!---->

That restricts access "from" an [client] address, not access "to" a
backend [webserver] address.

If you're running a reverse proxy only (ProxyRequests off), and you've
told it to connect to a specific backend via ProxyPass, I don't see
why you need furtherer configuration to restrict anything.

</pre>
</blockquote>
mhh ...<br>
<br>
the point is that the original configuration in my webserver was:<br>
<pre wrap=""><IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
</Proxy>
ProxyVia On
</IfModule></pre>
<br>
And everthing was working, BUT, I had to remove everything to make the
tomcat6-apache2 bridge work.<br>
Also, in the header of that file I found written:<br>
        #turning ProxyRequests on and allowing proxying from all may
allow<br>
        #spammers to use your proxy to send email.<br>
<br>
So I guess this is not good:<br>
<IfModule mod_proxy.c><br>
        ProxyRequests Off<br>
        <Proxy *><br>
                AddDefaultCharset off<br>
        </Proxy><br>
        ProxyVia On<br>
</IfModule><br>
<br>
<br>
<br>
Or is it ok?<br>
</blockquote>
<br>
Do you guy confirm that leaving a webserver with mod_proxy.c enabled
but with no rules is a good thing?<br>
<br>
So I relax up a bit ...<br>
</body>
</html>

--------------010309010607020404080405--

--------------070106020502080605070601
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Alvise Nicoletti wrote:
> Alvise Nicoletti wrote:
>> Alvise Nicoletti wrote:
>>> Eric Covener wrote:
>>>> On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
>>>> <lists [at] alvisenicoletti.com> wrote:
>>>>
>>>>> I would like to restrict access to everything-but-mywebsite like the
>>>>> example:
>>>>>
>>>>
>>>>
>>>>> <IfModule mod_proxy.c>
>>>>> ProxyRequests Off
>>>>> <Proxy *>
>>>>> AddDefaultCharset off
>>>>> Order deny,allow
>>>>> Deny from all
>>>>>
>>>>> Allow from www.TOMCATWEBSITE.com
>>>>> </Proxy>
>>>>> ProxyVia On
>>>>> </IfModule>
>>>>
>>>>
>>>> That restricts access "from" an [client] address, not access "to" a
>>>> backend [webserver] address.
>>>>
>>>> If you're running a reverse proxy only (ProxyRequests off), and you've
>>>> told it to connect to a specific backend via ProxyPass, I don't see
>>>> why you need furtherer configuration to restrict anything.
>>>>
>>>>
>>> mhh ...
>>>
>>> the point is that the original configuration in my webserver was:
>>> <IfModule mod_proxy.c>
>>> ProxyRequests Off
>>> <Proxy *>
>>> AddDefaultCharset off
>>> Order deny,allow
>>> Deny from all
>>> </Proxy>
>>> ProxyVia On
>>> </IfModule>
>>>
>>> And everthing was working, BUT, I had to remove everything to make
>>> the tomcat6-apache2 bridge work.
>>> Also, in the header of that file I found written:
>>> #turning ProxyRequests on and allowing proxying from all may
>>> allow
>>> #spammers to use your proxy to send email.
>>>
>>> So I guess this is not good:
>>> <IfModule mod_proxy.c>
>>> ProxyRequests Off
>>> <Proxy *>
>>> AddDefaultCharset off
>>> </Proxy>
>>> ProxyVia On
>>> </IfModule>
>>>
>>>
>>>
>>> Or is it ok?
>>
>


mhh ....

> Do you guy confirm that leaving a webserver with mod_proxy.c enabled
> but with no rules is a good thing?
>
> So I relax up a bit ...

And what is this?

Connection attempts using mod_proxy:
65.183.2.75 -> http://lti-mail01.ltinetworks.com:25
<http://lti-mail01.ltinetworks.com:25>: 1 Time(s)


--------------070106020502080605070601
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Alvise Nicoletti wrote:
<blockquote cite="mid:4B45B2B7.1080106 [at] alvisenicoletti.com" type="cite">
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
Alvise Nicoletti wrote:
<blockquote cite="mid:4B44FC69.5040803 [at] alvisenicoletti.com"
type="cite">
<meta content="text/html;charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
Alvise Nicoletti wrote:
<blockquote cite="mid:4B447319.3060405 [at] alvisenicoletti.com"
type="cite">
<meta content="text/html;charset=ISO-8859-1"
http-equiv="Content-Type">
Eric Covener wrote:
<blockquote
cite="mid:1404e5911001060309k6db65edauf28a863480fdd068 [at] mail. gmail.com"
type="cite">
<pre wrap="">On Wed, Jan 6, 2010 at 6:04 AM, Alvise Nicoletti
<a moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:lists [at] alvisenicoletti.com"><lists [at] alvisenicoletti.com ></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I would like to restrict access to everything-but-mywebsite like the
example:
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
<blockquote type="cite">
<pre wrap=""><IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all

            Allow from <a moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="http://www.TOMCATWEBSITE.com">www.TOMCATWEBSITE.com</a>
</Proxy>
ProxyVia On
</IfModule></pre>
</blockquote>
<pre wrap=""><!---->

That restricts access "from" an [client] address, not access "to" a
backend [webserver] address.

If you're running a reverse proxy only (ProxyRequests off), and you've
told it to connect to a specific backend via ProxyPass, I don't see
why you need furtherer configuration to restrict anything.

</pre>
</blockquote>
mhh ...<br>
<br>
the point is that the original configuration in my webserver was:<br>
<pre wrap=""><IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
</Proxy>
ProxyVia On
</IfModule></pre>
<br>
And everthing was working, BUT, I had to remove everything to make the
tomcat6-apache2 bridge work.<br>
Also, in the header of that file I found written:<br>
        #turning ProxyRequests on and allowing proxying from all may
allow<br>
        #spammers to use your proxy to send email.<br>
<br>
So I guess this is not good:<br>
<IfModule mod_proxy.c><br>
        ProxyRequests Off<br>
        <Proxy *><br>
                AddDefaultCharset off<br>
        </Proxy><br>
        ProxyVia On<br>
</IfModule><br>
<br>
<br>
<br>
Or is it ok?<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
<br>
mhh ....<br>
<br>
<blockquote cite="mid:4B45B2B7.1080106 [at] alvisenicoletti.com" type="cite">Do
you guy confirm that leaving a webserver with mod_proxy.c enabled
but with no rules is a good thing?<br>
<br>
So I relax up a bit ...<br>
</blockquote>
<br>
And what is this?<br>
<br>
 Connection attempts using mod_proxy:<br>
   65.183.2.75 -> <a moz-do-not-send="true"
href="http://lti-mail01.ltinetworks.com:25" target="_blank">http://lti-mail01.ltinetworks.<wbr>com:25</a>:
1
Time(s)
<br>
<br>
</body>
</html>

--------------070106020502080605070601--