Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!eternal-september.org!feeder.eternal-september.org!mx05.eternal-september.org!.POSTED!not-for-mail From: markspace Newsgroups: comp.lang.java.programmer Subject: Re: POST to secure server Date: Wed, 27 Mar 2013 19:38:59 -0700 Organization: A noiseless patient Spider Lines: 21 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Thu, 28 Mar 2013 02:36:51 +0000 (UTC) Injection-Info: mx05.eternal-september.org; posting-host="fba3415ba68d85d643935af2f52f0b4b"; logging-data="3993"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18gEgu4jeLA7cxo08KqyQzLRMs1mODN+y8=" User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130307 Thunderbird/17.0.4 In-Reply-To: Cancel-Lock: sha1:9oltcN5fh522WrLyXqHmxVjviKI= Xref: csiph.com comp.lang.java.programmer:23145 On 3/27/2013 4:11 PM, Arved Sandstrom wrote: > On 03/27/2013 09:34 AM, RVic wrote: >> Thanks for all your responses. I'm finding out from the client that >> they have no exposed URLs that my servlet call can come in on, and >> they need to somehow provide that on their end. > [ SNIP ] > > Errr, to me that means that someone set up the servlet engine (Tomcat or > whatever) with HTTP/HTTPS ports that are blocked by a firewall. And they > are simply saying that they need to open up those ports. > > I'd let the client do just that. Well, firewall or DMZ plus gateway, or whatever else they might be using to protect their systems from teh hax. But yes, the general idea is that the client should do something about it (and probably only the client can).