mod-security-users

[mod-security-users] modsecurity for tomcat or resin ?

[fatb <fa...@se...>]

aGkgbGlzdDoNCiAgSSBvcmlnaW5hbGx5IHRob3VnaHQgdGhhdCBJIGNvdWxkIHNlY3VyZSB0b21j
YXQgYnkgc2VjdXJlIHRoZSBhcGFjaGUgd2l0aCBtb2RzZWN1cml0eSx3aGljaCB3YXMgaW4gdGhl
IGZyb250IG9mIGl0Lg0KVG9kYXkgSSB1c2VkIG1vZF9qazIgdG8gY29ubmVjdCBhcGFjaGUyIGFu
ZCB0b21jYXQ1LGFuZCBmaWx0ZXIgc29tZXRoaW5nIHdpdGggbW9kc2VjdXJpdHksYnV0IGl0IGRp
ZCBub3QgZmlsdGVyIGFueXRoaW5nIEkgd2lzaC4NCk1heWJlIEkgZGlkIG5vdCBrbm93IGhvdyB0
aGUgbW9kX2prMiB3b3JrLGFueWJvZHkgY291bGQgc3VnZ2VzdCBvbmUgd2F5IHRvIGZpbHRlciBz
b21ldGhpbmcgZm9yIGpzcCBzY3JpcHQgYW5kIFNlcnZsZXQuDQoNClRoYW5rIFlvdSENCg==

Re: [mod-security-users] modsecurity for tomcat or resin ?

[Ivan R. <iv...@we...>]

fatb wrote:
> hi list:
>   I originally thought that I could secure tomcat by secure the apache
> with modsecurity,which was in the front of it.
> Today I used mod_jk2 to connect apache2 and tomcat5,and filter
> something with modsecurity,but it did not filter anything I wish.
> Maybe I did not know how the mod_jk2 work,anybody could suggest one way
> to filter something for jsp script and Servlet.

  Isn't mod_jk2 deprecated? I have successfully used Apache + Tomcat
  + ModSecurity with mod_jk (1.2.x) in the past. I never tried mod_jk2.

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net