You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jonathan Mast <jh...@gmail.com> on 2009/04/05 19:18:49 UTC
RemoteAddrValve syntax
How do I specify wildcards in the RemoteAddrValue declaration?
The Tomcat docs says it uses the java.util.regex package, so i wrote a test
case like this:
String patternStr = "192.168.*.*";
String searchStr = "192.168.1.2";
Pattern p = Pattern.compile(patternStr);
Matcher m = p.matcher(searchStr);
System.out.println("Does " + patternStr);
System.out.println("Match " + searchStr);
boolean b = m.matches();
System.out.println("Result: " + b);
Which returns true, however when I placed patternStr into my server.xml file
(following the conventions in the Tomcat docs of escaping the "." with \ ):
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192\.168\.*\.*"/>
It didn't match, ie. I couldn't get in. I hard coded my current ip into the
above value and it worked, but I need to match any 192.168.*.* address.
How do specify this in server.xml?
Thanks
Setup:
Java 1.4.2
Tomcat 5.5
Re: RemoteAddrValve syntax
Posted by Jonathan Mast <jh...@gmail.com>.
I looked at the javadocs for the RemoteAddrValve and they provided no
further clarity on the syntax issue.
You're right, my test case mistakenly returned a false positive, ".*" could
match anything its true and their is no "common sense" wildcard in the Java
Regex package. I looked at the javadoc for the regex package and found it a
little too pedantic. I thought javadocs were supposed to be human-readable
;-)
thanks for the help
On Sun, Apr 5, 2009 at 2:41 PM, André Warnier <aw...@ice-sa.com> wrote:
> André Warnier wrote:
> [...]
>
>>
>> To match any address starting with "192.168.", use
>> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>> allow="192\.168\..*"/>
>> or (if you want to be really finicky about it)
>> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>> allow="192\.168\.\d{1,3}\.\d{1,3}"/>
>>
>> What is not very clear in the on-line Tomcat documentation, is whether a
> remote client address of 192.168.1.2 would be translated to the string
> "192.168.1.2" by Tomcat prior to matching in the Valve, or to for example
> "192.168.001.002".
> Maybe the Valve source code is clearer ?
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: RemoteAddrValve syntax
Posted by André Warnier <aw...@ice-sa.com>.
André Warnier wrote:
[...]
>
> To match any address starting with "192.168.", use
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> allow="192\.168\..*"/>
> or (if you want to be really finicky about it)
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> allow="192\.168\.\d{1,3}\.\d{1,3}"/>
>
What is not very clear in the on-line Tomcat documentation, is whether a
remote client address of 192.168.1.2 would be translated to the string
"192.168.1.2" by Tomcat prior to matching in the Valve, or to for
example "192.168.001.002".
Maybe the Valve source code is clearer ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: RemoteAddrValve syntax
Posted by André Warnier <aw...@ice-sa.com>.
Jonathan Mast wrote:
> How do I specify wildcards in the RemoteAddrValue declaration?
>
> The Tomcat docs says it uses the java.util.regex package, so i wrote a test
> case like this:
>
> String patternStr = "192.168.*.*";
> String searchStr = "192.168.1.2";
>
> Pattern p = Pattern.compile(patternStr);
> Matcher m = p.matcher(searchStr);
> System.out.println("Does " + patternStr);
> System.out.println("Match " + searchStr);
> boolean b = m.matches();
> System.out.println("Result: " + b);
>
> Which returns true, however when I placed patternStr into my server.xml file
> (following the conventions in the Tomcat docs of escaping the "." with \ ):
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> allow="192\.168\.*\.*"/>
This is not a "Tomcat convention", it is how regular expressions work.
In a regular expression,
a "." means 'any character'
"\." mean 'the character "."'
the expression "\.*" means "a ".", 0 or n times"
The expression "192.168.1.2", as a regexp, matches "192.168.1.2", but
also matches "192A168+1C2" and "19201689152" (and a lot more strings),
since an unescaped "." matches any character.
The regexp "192.168.*.*" does not make much sense, since the first ".*"
will match anything that follows (or nothing), leaving nothing to match
for the second ".*".
To match any address starting with "192.168.", use
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192\.168\..*"/>
or (if you want to be really finicky about it)
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192\.168\.\d{1,3}\.\d{1,3}"/>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: RemoteAddrValve syntax
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Jonathan Mast [mailto:jhmast.developer@gmail.com]
> Subject: RemoteAddrValve syntax
>
> The Tomcat docs says it uses the java.util.regex package
But you apparently didn't read the doc for java.util.regex, which is not anything like the wildcards you tried to use:
http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
André has done your homework and provided the proper syntax.
> Java 1.4.2
You might want to consider moving up to a supported JRE level; 1.4.2 reached end-of-life last October.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org