1 of 1 people found this helpful
having an Apache in front of your JBoss is a big advantage. I would prefer to disable the JBoss HTTP-Connector and handle all traffic via Apache. There you can limit or allow access to your apps via <Location /web-console> deny from all; allow from *.your.domain; and so on.
In a Tomcat-Environment you could use RemoteAdressValve to limit access to your context. JBoss does not need an explicit context config, as it pulls it's info from jboss-web.xml or some EAR data, I think, that Apache would be the only possibility. Perhaps someone else from community knows a trick.
Thanks for your answer. Finally, I will publish all applications through Apache, and limit the access to JBoss to only the Apache's. As administration applications are secured, i don't care "normal users" can access them, as the will be prompted for a user with permissions the don't have. The original post was to avoid to publish all administration applications with Apache, but I have realized it has not much sense.
Thanks again and regards.