How To Protect Tomcat 7 Against Slowloris Attack

There is something similar to mod_rewrite for servlet containers called URL Rewrite. Taken from SO.

This sounds rather complicated to me and not the way I would try to run it.

In general I try to separate as much as I can environments from each other, running on different servers ideally , but i understand this is not something you can do with a single VPS.

You should at least separate tomcat instances, this would reduce the mess and makes everything more clear.

I would

1) Start 2 different tomcat instances ( achievable in different ways depending on which distribution you are running) on different ports , prod:8080 and test:8180

2) Enable NameVirtualHost in your Apache configuration and proxy the right servername to the right tomcat instance

# Ensure that Apache listens on port 80
Listen 80

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80

<VirtualHost *:80>
DocumentRoot /www/example1
ServerName www.mytestdomain.com

# Other directives here

ProxyPreserveHost On

ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/

</VirtualHost>

<VirtualHost *:80>
DocumentRoot /www/example2
ServerName test.mytestdomain.com

# Other directives here
ProxyPreserveHost On

ProxyPass / http://localhost:8180/
ProxyPassReverse / http://localhost:8180/
</VirtualHost>

this way your environment are completely separate and you can apply changes to test without affecting prod , not just inside your code but also at the tomcat configuration level and apache configuration level.