Open access control for testing
Peter Schober
peter.schober at univie.ac.at
Tue Aug 11 17:12:59 UTC 2020
* Mathew, Sunil <smathew at hbs.edu> [2020-08-11 19:06]:
> It is not working. I was not able to find any documentation on
> opening up access control.
I think you've misunderstood the Tomcat Valve: It's purpose is to
inform the application (via the headers) of the *actual* client IP
address. Then "limiting" access to the internal IP addresses of the
proxy is not limiting access at all, since all access will be coming
in via the proxy (unless you also have other holes and people can
access your server directly without going through the proxy).
So if the IP addresses and configuration details were correct anyone
and anything should have access to your IDP. Which would also be wrong
but a different error than you're claiming you have.
-peter
More information about the users
mailing list