Security things to consider by Mark Thomas from apache.org :

- use Remote Host/Address filters to limit access to administrative
applications
- enable access logging so if something does go wrong you have some
information to work with
- run Tomcat as a dedicated user with the minimum privileges possible

Could someone tell me how to configure these 3 in Jboss Web 2.1.1GA in Linux ? or links can be very helpful ... Thanks