You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jonathan Mast <jh...@gmail.com> on 2009/04/05 19:18:49 UTC

RemoteAddrValve syntax

How do I specify wildcards in the RemoteAddrValue declaration?

The Tomcat docs says it uses the java.util.regex package, so i wrote a test
case like this:

        String patternStr = "192.168.*.*";
        String searchStr = "192.168.1.2";

        Pattern p = Pattern.compile(patternStr);
        Matcher m = p.matcher(searchStr);
        System.out.println("Does " + patternStr);
        System.out.println("Match " + searchStr);
        boolean b = m.matches();
        System.out.println("Result: " + b);

Which returns true, however when I placed patternStr into my server.xml file
(following the conventions in the Tomcat docs of escaping the "." with \ ):
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192\.168\.*\.*"/>

It didn't match, ie. I couldn't get in.  I hard coded my current ip into the
above value and it worked, but I need to match any 192.168.*.* address.

How do specify this in server.xml?

Thanks

Setup:
Java 1.4.2
Tomcat 5.5

Re: RemoteAddrValve syntax

Posted by Jonathan Mast <jh...@gmail.com>.

I looked at the javadocs for the RemoteAddrValve and they provided no
further clarity on the syntax issue.

You're right, my test case mistakenly returned a false positive, ".*" could
match anything its true and their is no "common sense" wildcard in the Java
Regex package.  I looked at the javadoc for the regex package and found it a
little too pedantic.  I thought javadocs were supposed to be human-readable
;-)

thanks for the help

On Sun, Apr 5, 2009 at 2:41 PM, André Warnier <aw...@ice-sa.com> wrote:

> André Warnier wrote:
> [...]
>
>>
>> To match any address starting with "192.168.", use
>> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>>  allow="192\.168\..*"/>
>> or (if you want to be really finicky about it)
>> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>>  allow="192\.168\.\d{1,3}\.\d{1,3}"/>
>>
>>  What is not very clear in the on-line Tomcat documentation, is whether a
> remote client address of 192.168.1.2 would be translated to the string
> "192.168.1.2" by Tomcat prior to matching in the Valve, or to for example
> "192.168.001.002".
> Maybe the Valve source code is clearer ?
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: RemoteAddrValve syntax

Posted by André Warnier <aw...@ice-sa.com>.

André Warnier wrote:
[...]
> 
> To match any address starting with "192.168.", use
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>  allow="192\.168\..*"/>
> or (if you want to be really finicky about it)
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>  allow="192\.168\.\d{1,3}\.\d{1,3}"/>
> 
What is not very clear in the on-line Tomcat documentation, is whether a 
remote client address of 192.168.1.2 would be translated to the string 
"192.168.1.2" by Tomcat prior to matching in the Valve, or to for 
example "192.168.001.002".
Maybe the Valve source code is clearer ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: RemoteAddrValve syntax

Posted by André Warnier <aw...@ice-sa.com>.

Jonathan Mast wrote:
> How do I specify wildcards in the RemoteAddrValue declaration?
> 
> The Tomcat docs says it uses the java.util.regex package, so i wrote a test
> case like this:
> 
>         String patternStr = "192.168.*.*";
>         String searchStr = "192.168.1.2";
> 
>         Pattern p = Pattern.compile(patternStr);
>         Matcher m = p.matcher(searchStr);
>         System.out.println("Does " + patternStr);
>         System.out.println("Match " + searchStr);
>         boolean b = m.matches();
>         System.out.println("Result: " + b);
> 
> Which returns true, however when I placed patternStr into my server.xml file
> (following the conventions in the Tomcat docs of escaping the "." with \ ):
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> allow="192\.168\.*\.*"/>

This is not a "Tomcat convention", it is how regular expressions work.
In a regular expression,
a "." means 'any character'
"\." mean 'the character "."'
the expression "\.*" means "a ".", 0 or n times"
The expression "192.168.1.2", as a regexp, matches "192.168.1.2", but 
also matches "192A168+1C2" and "19201689152" (and a lot more strings), 
since an unescaped "." matches any character.
The regexp "192.168.*.*" does  not make much sense, since the first ".*" 
will match anything that follows (or nothing), leaving nothing to match 
for the second ".*".

To match any address starting with "192.168.", use
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
  allow="192\.168\..*"/>
or (if you want to be really finicky about it)
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
  allow="192\.168\.\d{1,3}\.\d{1,3}"/>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: RemoteAddrValve syntax

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.

> From: Jonathan Mast [mailto:jhmast.developer@gmail.com]
> Subject: RemoteAddrValve syntax
> 
> The Tomcat docs says it uses the java.util.regex package

But you apparently didn't read the doc for java.util.regex, which is not anything like the wildcards you tried to use:
http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html

André has done your homework and provided the proper syntax.

> Java 1.4.2

You might want to consider moving up to a supported JRE level; 1.4.2 reached end-of-life last October.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org