You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Peter Neu <pe...@gmx.net> on 2006/11/13 14:42:40 UTC
Problem with RemoteAddrValve in Context.xml
Hello,
I'm trying to define an ip access filter with RemoteAddrValve in the
context.xml file I deploy with my war file.
If I read the documentation right the only thing to be done is write the
following into the context.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/user/public/">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192.168.200.188"
/>
</Context>
But this does not work out. Does anyone know what's wrong?
Cheers,
Pete
AW: AW: Problem with RemoteAddrValve in Context.xml
Posted by Peter Neu <pe...@gmx.net>.
You won't believe it. I deployed the app as war file and just to make sure I
checked out the location \conf\Catalina\localhost to find a context.xml file
named user.xml like the name of the webapps with exactly the same content.
This is strange!
Cheers,
Pete
> -----Ursprüngliche Nachricht-----
> Von: David Smith [mailto:dns4@cornell.edu]
> Gesendet: Dienstag, 14. November 2006 15:51
> An: Tomcat Users List
> Betreff: Re: AW: Problem with RemoteAddrValve in Context.xml
>
> I suspect the context.xml file in META-INF isn't honored unless you
> deploy your webapp as a web archive file (.war). Sounds to me like this
> webapp is an exploded folder under webapps directory. In that case,
> copy the context.xml file to Catalina/localhost, rename to match your
> web application's context and re-start the webapp. You should find the
> valve suddenly start working.
>
> --David
>
> Peter Neu wrote:
>
> >OK,to answer both questions:
> >
> >I got tomcat version 5.5.20 running on a windows box.
> >
> >I put my context.xml in a directory named META-INF which
> >is on the same level as WEB-INF
> >
> >Cheers,
> >Pete
> >
> >
> >
> >>-----Ursprüngliche Nachricht-----
> >>Von: Martin Gainty [mailto:mgainty@hotmail.com]
> >>Gesendet: Dienstag, 14. November 2006 15:29
> >>An: Tomcat Users List
> >>Betreff: Re: Problem with RemoteAddrValve in Context.xml
> >>
> >>I verified the allow attribute is operational in RemoteAddrValve..
> >>(that is when allow="192\.168\.200\.188" only 192.168.200.188 is
> >>authorised to that tomcat instance)
> >>
> >>could you verify which IP's are being authorised?
> >>could you tell us which version of Tomcat you are executing?
> >>
> >>Thanks,
> >>M-
> >>This e-mail communication and any attachments may contain confidential
> and
> >>privileged information for the use of the
> >>designated recipients named above. If you are not the intended
> recipient,
> >>you are hereby notified that you have received
> >>this communication in error and that any review, disclosure,
> >>dissemination, distribution or copying of it or its
> >>contents
> >>----- Original Message -----
> >>From: "Peter Neu" <pe...@gmx.net>
> >>To: "'Tomcat Users List'" <us...@tomcat.apache.org>
> >>Sent: Tuesday, November 14, 2006 6:49 AM
> >>Subject: AW: Problem with RemoteAddrValve in Context.xml
> >>
> >>
> >>Ok, I changed the allow attribute to a regular exp. Looks like this now:
> >>
> >> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> >> allow="192\.168\.200\.188"
> >> />
> >>
> >>But still the filter lets all users access the application.
> >>
> >>Cheers,
> >>Pete
> >>
> >>
> >>
> >>
> >>>-----Ursprüngliche Nachricht-----
> >>>Von: Mark Thomas [mailto:markt@apache.org]
> >>>Gesendet: Dienstag, 14. November 2006 01:11
> >>>An: Tomcat Users List
> >>>Betreff: Re: Problem with RemoteAddrValve in Context.xml
> >>>
> >>>Peter Neu wrote:
> >>>
> >>>
> >>>>I'm trying to define an ip access filter with RemoteAddrValve in the
> >>>>context.xml file I deploy with my war file.
> >>>>
> >>>>If I read the documentation right the only thing to be done is write
> >>>>
> >>>>
> >>the
> >>
> >>
> >>>>following into the context.xml file:
> >>>>
> >>>><?xml version="1.0" encoding="UTF-8"?>
> >>>><Context path="/user/public/">
> >>>> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> >>>> allow="192.168.200.188"
> >>>> />
> >>>></Context>
> >>>>
> >>>>But this does not work out. Does anyone know what's wrong?
> >>>>
> >>>>
> >>>As the docs state, you need to use a regular expression.
> >>>"192.168.200.188" doesn't do what you think it does since "." is a
> >>>special character in regular expressions.
> >>>
> >>>Mark
> >>>
> >>>---------------------------------------------------------------------
> >>>To start a new topic, e-mail: users@tomcat.apache.org
> >>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>For additional commands, e-mail: users-help@tomcat.apache.org
> >>>
> >>>
> >>
> >>---------------------------------------------------------------------
> >>To start a new topic, e-mail: users@tomcat.apache.org
> >>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
> >
> >
> >
> >---------------------------------------------------------------------
> >To start a new topic, e-mail: users@tomcat.apache.org
> >To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: AW: Problem with RemoteAddrValve in Context.xml
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: David Smith [mailto:dns4@cornell.edu]
> Subject: Re: AW: Problem with RemoteAddrValve in Context.xml
>
> I suspect the context.xml file in META-INF isn't honored unless you
> deploy your webapp as a web archive file (.war).
Not true - META-INF/context.xml is used regardless of whether the webapp
is in a .war or a directory. However, that location is not used if
conf/[engine]/[host]/[appName].xml exists.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: AW: Problem with RemoteAddrValve in Context.xml
Posted by David Smith <dn...@cornell.edu>.
I suspect the context.xml file in META-INF isn't honored unless you
deploy your webapp as a web archive file (.war). Sounds to me like this
webapp is an exploded folder under webapps directory. In that case,
copy the context.xml file to Catalina/localhost, rename to match your
web application's context and re-start the webapp. You should find the
valve suddenly start working.
--David
Peter Neu wrote:
>OK,to answer both questions:
>
>I got tomcat version 5.5.20 running on a windows box.
>
>I put my context.xml in a directory named META-INF which
>is on the same level as WEB-INF
>
>Cheers,
>Pete
>
>
>
>>-----Ursprüngliche Nachricht-----
>>Von: Martin Gainty [mailto:mgainty@hotmail.com]
>>Gesendet: Dienstag, 14. November 2006 15:29
>>An: Tomcat Users List
>>Betreff: Re: Problem with RemoteAddrValve in Context.xml
>>
>>I verified the allow attribute is operational in RemoteAddrValve..
>>(that is when allow="192\.168\.200\.188" only 192.168.200.188 is
>>authorised to that tomcat instance)
>>
>>could you verify which IP's are being authorised?
>>could you tell us which version of Tomcat you are executing?
>>
>>Thanks,
>>M-
>>This e-mail communication and any attachments may contain confidential and
>>privileged information for the use of the
>>designated recipients named above. If you are not the intended recipient,
>>you are hereby notified that you have received
>>this communication in error and that any review, disclosure,
>>dissemination, distribution or copying of it or its
>>contents
>>----- Original Message -----
>>From: "Peter Neu" <pe...@gmx.net>
>>To: "'Tomcat Users List'" <us...@tomcat.apache.org>
>>Sent: Tuesday, November 14, 2006 6:49 AM
>>Subject: AW: Problem with RemoteAddrValve in Context.xml
>>
>>
>>Ok, I changed the allow attribute to a regular exp. Looks like this now:
>>
>> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>> allow="192\.168\.200\.188"
>> />
>>
>>But still the filter lets all users access the application.
>>
>>Cheers,
>>Pete
>>
>>
>>
>>
>>>-----Ursprüngliche Nachricht-----
>>>Von: Mark Thomas [mailto:markt@apache.org]
>>>Gesendet: Dienstag, 14. November 2006 01:11
>>>An: Tomcat Users List
>>>Betreff: Re: Problem with RemoteAddrValve in Context.xml
>>>
>>>Peter Neu wrote:
>>>
>>>
>>>>I'm trying to define an ip access filter with RemoteAddrValve in the
>>>>context.xml file I deploy with my war file.
>>>>
>>>>If I read the documentation right the only thing to be done is write
>>>>
>>>>
>>the
>>
>>
>>>>following into the context.xml file:
>>>>
>>>><?xml version="1.0" encoding="UTF-8"?>
>>>><Context path="/user/public/">
>>>> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>>>> allow="192.168.200.188"
>>>> />
>>>></Context>
>>>>
>>>>But this does not work out. Does anyone know what's wrong?
>>>>
>>>>
>>>As the docs state, you need to use a regular expression.
>>>"192.168.200.188" doesn't do what you think it does since "." is a
>>>special character in regular expressions.
>>>
>>>Mark
>>>
>>>---------------------------------------------------------------------
>>>To start a new topic, e-mail: users@tomcat.apache.org
>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>
>>---------------------------------------------------------------------
>>To start a new topic, e-mail: users@tomcat.apache.org
>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
>
>
>---------------------------------------------------------------------
>To start a new topic, e-mail: users@tomcat.apache.org
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: AW: Problem with RemoteAddrValve in Context.xml
Posted by David Smith <dn...@cornell.edu>.
You can't split a webapp into protected and not protected with the
valve. It's all or nothing. You'd be better off implementing a filter
in your webapp that pay's attention to request.getRemoteAddr() and
either chains the request or redirects to an error page.
--David
Peter Neu wrote:
> I just tried some more but I can't get it to work. Is there another way to
> resolve the problem?
>
> I need one part of the application /app/public open for everybody and
> another part of the application /app/internal open only for people with a
> certain ip address 192.168.200.*
>
> Any ideas?
>
> Cheers,
> Pete
>
>
>
>> -----Ursprüngliche Nachricht-----
>> Von: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
>> Gesendet: Dienstag, 14. November 2006 16:16
>> An: Tomcat Users List
>> Betreff: RE: Problem with RemoteAddrValve in Context.xml
>>
>>
>>> From: Peter Neu [mailto:peter.neu@gmx.net]
>>> Subject: AW: Problem with RemoteAddrValve in Context.xml
>>>
>>> Yes. And when I deleted it. Then I must restart the app and this
>>> automatically triggers the creation of a new context.xml file
>>> in the dir conf/Catalina/localhost.
>>>
>> Hopefully this one is an exact copy of the one in META-INF/context.xml.
>> I haven't yet determined under exactly what conditions Tomcat chooses to
>> make a copy of the <Context> element, but doing so does cause some
>> confusion if you don't realize it happened. May have something to do
>> with the deployOnStartup and autoDeploy settings, but I'm only
>> speculating on that.
>>
>> - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e-mail
>> and its attachments from all computers.
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
AW: Problem with RemoteAddrValve in Context.xml
Posted by Peter Neu <pe...@gmx.net>.
I just tried some more but I can't get it to work. Is there another way to
resolve the problem?
I need one part of the application /app/public open for everybody and
another part of the application /app/internal open only for people with a
certain ip address 192.168.200.*
Any ideas?
Cheers,
Pete
> -----Ursprüngliche Nachricht-----
> Von: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
> Gesendet: Dienstag, 14. November 2006 16:16
> An: Tomcat Users List
> Betreff: RE: Problem with RemoteAddrValve in Context.xml
>
> > From: Peter Neu [mailto:peter.neu@gmx.net]
> > Subject: AW: Problem with RemoteAddrValve in Context.xml
> >
> > Yes. And when I deleted it. Then I must restart the app and this
> > automatically triggers the creation of a new context.xml file
> > in the dir conf/Catalina/localhost.
>
> Hopefully this one is an exact copy of the one in META-INF/context.xml.
> I haven't yet determined under exactly what conditions Tomcat chooses to
> make a copy of the <Context> element, but doing so does cause some
> confusion if you don't realize it happened. May have something to do
> with the deployOnStartup and autoDeploy settings, but I'm only
> speculating on that.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Problem with RemoteAddrValve in Context.xml
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Peter Neu [mailto:peter.neu@gmx.net]
> Subject: AW: Problem with RemoteAddrValve in Context.xml
>
> Yes. And when I deleted it. Then I must restart the app and this
> automatically triggers the creation of a new context.xml file
> in the dir conf/Catalina/localhost.
Hopefully this one is an exact copy of the one in META-INF/context.xml.
I haven't yet determined under exactly what conditions Tomcat chooses to
make a copy of the <Context> element, but doing so does cause some
confusion if you don't realize it happened. May have something to do
with the deployOnStartup and autoDeploy settings, but I'm only
speculating on that.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
AW: Problem with RemoteAddrValve in Context.xml
Posted by Peter Neu <pe...@gmx.net>.
Yes. And when I deleted it. Then I must restart the app and this
automatically triggers the creation of a new context.xml file in the dir
conf/Catalina/localhost.
> -----Ursprüngliche Nachricht-----
> Von: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
> Gesendet: Dienstag, 14. November 2006 15:59
> An: Tomcat Users List
> Betreff: RE: Problem with RemoteAddrValve in Context.xml
>
> > From: Peter Neu [mailto:peter.neu@gmx.net]
> > Subject: AW: Problem with RemoteAddrValve in Context.xml
> >
> > Ok, I removed the path attribute. The result is the same.
>
> Is there a .xml file for the app in conf/[engine]/[host] (usually
> conf/Catalina/localhost)? If so, remove it so the one in
> META-INF/context.xml will be used.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Problem with RemoteAddrValve in Context.xml
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Peter Neu [mailto:peter.neu@gmx.net]
> Subject: AW: Problem with RemoteAddrValve in Context.xml
>
> Ok, I removed the path attribute. The result is the same.
Is there a .xml file for the app in conf/[engine]/[host] (usually
conf/Catalina/localhost)? If so, remove it so the one in
META-INF/context.xml will be used.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
AW: Problem with RemoteAddrValve in Context.xml
Posted by Peter Neu <pe...@gmx.net>.
Ok, I removed the path attribute. The result is the same.
I didn't edit after deployment.
Cheers,
Pete
> -----Ursprüngliche Nachricht-----
> Von: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
> Gesendet: Dienstag, 14. November 2006 15:43
> An: Tomcat Users List
> Betreff: RE: Problem with RemoteAddrValve in Context.xml
>
> > From: Peter Neu [mailto:peter.neu@gmx.net]
> > Subject: AW: Problem with RemoteAddrValve in Context.xml
> >
> > I put my context.xml in a directory named META-INF which
> > is on the same level as WEB-INF
>
> The path attribute is not allowed when the <Context> element is in
> META-INF/context.xml. Don't know whether or not this has an affect on
> the <Valve> declaration, but get rid of the path and try it again.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Problem with RemoteAddrValve in Context.xml
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Peter Neu [mailto:peter.neu@gmx.net]
> Subject: AW: Problem with RemoteAddrValve in Context.xml
>
> I put my context.xml in a directory named META-INF which
> is on the same level as WEB-INF
The path attribute is not allowed when the <Context> element is in
META-INF/context.xml. Don't know whether or not this has an affect on
the <Valve> declaration, but get rid of the path and try it again.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
AW: Problem with RemoteAddrValve in Context.xml
Posted by Peter Neu <pe...@gmx.net>.
OK,to answer both questions:
I got tomcat version 5.5.20 running on a windows box.
I put my context.xml in a directory named META-INF which
is on the same level as WEB-INF
Cheers,
Pete
> -----Ursprüngliche Nachricht-----
> Von: Martin Gainty [mailto:mgainty@hotmail.com]
> Gesendet: Dienstag, 14. November 2006 15:29
> An: Tomcat Users List
> Betreff: Re: Problem with RemoteAddrValve in Context.xml
>
> I verified the allow attribute is operational in RemoteAddrValve..
> (that is when allow="192\.168\.200\.188" only 192.168.200.188 is
> authorised to that tomcat instance)
>
> could you verify which IP's are being authorised?
> could you tell us which version of Tomcat you are executing?
>
> Thanks,
> M-
> This e-mail communication and any attachments may contain confidential and
> privileged information for the use of the
> designated recipients named above. If you are not the intended recipient,
> you are hereby notified that you have received
> this communication in error and that any review, disclosure,
> dissemination, distribution or copying of it or its
> contents
> ----- Original Message -----
> From: "Peter Neu" <pe...@gmx.net>
> To: "'Tomcat Users List'" <us...@tomcat.apache.org>
> Sent: Tuesday, November 14, 2006 6:49 AM
> Subject: AW: Problem with RemoteAddrValve in Context.xml
>
>
> Ok, I changed the allow attribute to a regular exp. Looks like this now:
>
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> allow="192\.168\.200\.188"
> />
>
> But still the filter lets all users access the application.
>
> Cheers,
> Pete
>
>
> > -----Ursprüngliche Nachricht-----
> > Von: Mark Thomas [mailto:markt@apache.org]
> > Gesendet: Dienstag, 14. November 2006 01:11
> > An: Tomcat Users List
> > Betreff: Re: Problem with RemoteAddrValve in Context.xml
> >
> > Peter Neu wrote:
> > > I'm trying to define an ip access filter with RemoteAddrValve in the
> > > context.xml file I deploy with my war file.
> > >
> > > If I read the documentation right the only thing to be done is write
> the
> > > following into the context.xml file:
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <Context path="/user/public/">
> > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > > allow="192.168.200.188"
> > > />
> > > </Context>
> > >
> > > But this does not work out. Does anyone know what's wrong?
> >
> > As the docs state, you need to use a regular expression.
> > "192.168.200.188" doesn't do what you think it does since "." is a
> > special character in regular expressions.
> >
> > Mark
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problem with RemoteAddrValve in Context.xml
Posted by Martin Gainty <mg...@hotmail.com>.
I verified the allow attribute is operational in RemoteAddrValve..
(that is when allow="192\.168\.200\.188" only 192.168.200.188 is authorised to that tomcat instance)
could you verify which IP's are being authorised?
could you tell us which version of Tomcat you are executing?
Thanks,
M-
This e-mail communication and any attachments may contain confidential and privileged information for the use of the
designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received
this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its
contents
----- Original Message -----
From: "Peter Neu" <pe...@gmx.net>
To: "'Tomcat Users List'" <us...@tomcat.apache.org>
Sent: Tuesday, November 14, 2006 6:49 AM
Subject: AW: Problem with RemoteAddrValve in Context.xml
Ok, I changed the allow attribute to a regular exp. Looks like this now:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192\.168\.200\.188"
/>
But still the filter lets all users access the application.
Cheers,
Pete
> -----Ursprüngliche Nachricht-----
> Von: Mark Thomas [mailto:markt@apache.org]
> Gesendet: Dienstag, 14. November 2006 01:11
> An: Tomcat Users List
> Betreff: Re: Problem with RemoteAddrValve in Context.xml
>
> Peter Neu wrote:
> > I'm trying to define an ip access filter with RemoteAddrValve in the
> > context.xml file I deploy with my war file.
> >
> > If I read the documentation right the only thing to be done is write the
> > following into the context.xml file:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <Context path="/user/public/">
> > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > allow="192.168.200.188"
> > />
> > </Context>
> >
> > But this does not work out. Does anyone know what's wrong?
>
> As the docs state, you need to use a regular expression.
> "192.168.200.188" doesn't do what you think it does since "." is a
> special character in regular expressions.
>
> Mark
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: AW: AW: Problem with RemoteAddrValve in Context.xml
Posted by David Smith <dn...@cornell.edu>.
Ok... then for some reason, your context definition is probably not
being used. Where is this context.xml file and how are you deploying
your webapp?
--David
Peter Neu wrote:
>Hi,
>
>I called the jsp from the same workstation where the server
>runs and got 127.0.0.1
>And then from another client and got 192.168.200.190.
>
>Configuration looks like this
><Valve className="org.apache.catalina.valves.RemoteAddrValve"
> allow="192\.168\.200\.188"
> />
>
>Don't know where the error could be. I got no proxy running
>in this setup.
>
>Cheers,
>Pete
>
>
>
>
>
>>
>>>>-----Ursprüngliche Nachricht-----
>>>>Von: Mark Thomas [mailto:markt@apache.org]
>>>>Gesendet: Dienstag, 14. November 2006 01:11
>>>>An: Tomcat Users List
>>>>Betreff: Re: Problem with RemoteAddrValve in Context.xml
>>>>
>>>>Peter Neu wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>I'm trying to define an ip access filter with RemoteAddrValve in the
>>>>>context.xml file I deploy with my war file.
>>>>>
>>>>>If I read the documentation right the only thing to be done is write
>>>>>
>>>>>
>>the
>>
>>
>>>>>following into the context.xml file:
>>>>>
>>>>><?xml version="1.0" encoding="UTF-8"?>
>>>>><Context path="/user/public/">
>>>>> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>>>>> allow="192.168.200.188"
>>>>> />
>>>>></Context>
>>>>>
>>>>>But this does not work out. Does anyone know what's wrong?
>>>>>
>>>>>
>>>>>
>>>>>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
AW: AW: Problem with RemoteAddrValve in Context.xml
Posted by Peter Neu <pe...@gmx.net>.
Hi,
I called the jsp from the same workstation where the server
runs and got 127.0.0.1
And then from another client and got 192.168.200.190.
Configuration looks like this
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192\.168\.200\.188"
/>
Don't know where the error could be. I got no proxy running
in this setup.
Cheers,
Pete
> -----Ursprüngliche Nachricht-----
> Von: David Smith [mailto:dns4@cornell.edu]
> Gesendet: Dienstag, 14. November 2006 13:47
> An: Tomcat Users List
> Betreff: Re: AW: Problem with RemoteAddrValve in Context.xml
>
> Should work as is with the allow expression typed either way. Do you
> have Apache httpd or something similar acting as a proxy server at
> 192.168.200.188? A quick diagnostic might show if this is the case:
>
> <jsp:root version="1.2" xmlns:jsp="http://java.sun.com/JSP/Page">
> <jsp:directive.page contentType="text/html; charset=UTF-8"
> session="false" />
> <jsp:text>
> <![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> ]]>
> </jsp:text>
> <html xmlns="http://www.w3.org/1999/xhtml" lang="en">
> <head>
> <title>View remote address test</title>
> </head>
> <body>
> <p>You are visiting from
> <b>${pageContext.request.remoteAddr}</b></p>
> </body>
> </html>
> </jsp:root>
>
> Drop it in your webapp and call it from various clients to see if the
> valve is really failing or a proxy is making them all look like they are
> from the same place..
>
> Side note on the allow expression: the '.' character is a wild card
> character -- '192w168t200f188' would evaluate the same as
> 192.168.200.188 with the way you typed it the first time. '\.' matches
> the literal '.' character. If anything, the second one you tried was
> more restrictive.
>
> --David
>
> Peter Neu wrote:
>
> >Ok, I changed the allow attribute to a regular exp. Looks like this now:
> >
> > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > allow="192\.168\.200\.188"
> > />
> >
> >But still the filter lets all users access the application.
> >
> >Cheers,
> >Pete
> >
> >
> >
> >
> >>-----Ursprüngliche Nachricht-----
> >>Von: Mark Thomas [mailto:markt@apache.org]
> >>Gesendet: Dienstag, 14. November 2006 01:11
> >>An: Tomcat Users List
> >>Betreff: Re: Problem with RemoteAddrValve in Context.xml
> >>
> >>Peter Neu wrote:
> >>
> >>
> >>>I'm trying to define an ip access filter with RemoteAddrValve in the
> >>>context.xml file I deploy with my war file.
> >>>
> >>>If I read the documentation right the only thing to be done is write
> the
> >>>following into the context.xml file:
> >>>
> >>><?xml version="1.0" encoding="UTF-8"?>
> >>><Context path="/user/public/">
> >>> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> >>> allow="192.168.200.188"
> >>> />
> >>></Context>
> >>>
> >>>But this does not work out. Does anyone know what's wrong?
> >>>
> >>>
> >>As the docs state, you need to use a regular expression.
> >>"192.168.200.188" doesn't do what you think it does since "." is a
> >>special character in regular expressions.
> >>
> >>Mark
> >>
> >>---------------------------------------------------------------------
> >>To start a new topic, e-mail: users@tomcat.apache.org
> >>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
> >
> >
> >---------------------------------------------------------------------
> >To start a new topic, e-mail: users@tomcat.apache.org
> >To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: AW: Problem with RemoteAddrValve in Context.xml
Posted by David Smith <dn...@cornell.edu>.
Should work as is with the allow expression typed either way. Do you
have Apache httpd or something similar acting as a proxy server at
192.168.200.188? A quick diagnostic might show if this is the case:
<jsp:root version="1.2" xmlns:jsp="http://java.sun.com/JSP/Page">
<jsp:directive.page contentType="text/html; charset=UTF-8"
session="false" />
<jsp:text>
<![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> ]]>
</jsp:text>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>View remote address test</title>
</head>
<body>
<p>You are visiting from
<b>${pageContext.request.remoteAddr}</b></p>
</body>
</html>
</jsp:root>
Drop it in your webapp and call it from various clients to see if the
valve is really failing or a proxy is making them all look like they are
from the same place..
Side note on the allow expression: the '.' character is a wild card
character -- '192w168t200f188' would evaluate the same as
192.168.200.188 with the way you typed it the first time. '\.' matches
the literal '.' character. If anything, the second one you tried was
more restrictive.
--David
Peter Neu wrote:
>Ok, I changed the allow attribute to a regular exp. Looks like this now:
>
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> allow="192\.168\.200\.188"
> />
>
>But still the filter lets all users access the application.
>
>Cheers,
>Pete
>
>
>
>
>>-----Ursprüngliche Nachricht-----
>>Von: Mark Thomas [mailto:markt@apache.org]
>>Gesendet: Dienstag, 14. November 2006 01:11
>>An: Tomcat Users List
>>Betreff: Re: Problem with RemoteAddrValve in Context.xml
>>
>>Peter Neu wrote:
>>
>>
>>>I'm trying to define an ip access filter with RemoteAddrValve in the
>>>context.xml file I deploy with my war file.
>>>
>>>If I read the documentation right the only thing to be done is write the
>>>following into the context.xml file:
>>>
>>><?xml version="1.0" encoding="UTF-8"?>
>>><Context path="/user/public/">
>>> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>>> allow="192.168.200.188"
>>> />
>>></Context>
>>>
>>>But this does not work out. Does anyone know what's wrong?
>>>
>>>
>>As the docs state, you need to use a regular expression.
>>"192.168.200.188" doesn't do what you think it does since "." is a
>>special character in regular expressions.
>>
>>Mark
>>
>>---------------------------------------------------------------------
>>To start a new topic, e-mail: users@tomcat.apache.org
>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
>
>---------------------------------------------------------------------
>To start a new topic, e-mail: users@tomcat.apache.org
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
AW: Problem with RemoteAddrValve in Context.xml
Posted by Peter Neu <pe...@gmx.net>.
Ok, I changed the allow attribute to a regular exp. Looks like this now:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192\.168\.200\.188"
/>
But still the filter lets all users access the application.
Cheers,
Pete
> -----Ursprüngliche Nachricht-----
> Von: Mark Thomas [mailto:markt@apache.org]
> Gesendet: Dienstag, 14. November 2006 01:11
> An: Tomcat Users List
> Betreff: Re: Problem with RemoteAddrValve in Context.xml
>
> Peter Neu wrote:
> > I'm trying to define an ip access filter with RemoteAddrValve in the
> > context.xml file I deploy with my war file.
> >
> > If I read the documentation right the only thing to be done is write the
> > following into the context.xml file:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <Context path="/user/public/">
> > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > allow="192.168.200.188"
> > />
> > </Context>
> >
> > But this does not work out. Does anyone know what's wrong?
>
> As the docs state, you need to use a regular expression.
> "192.168.200.188" doesn't do what you think it does since "." is a
> special character in regular expressions.
>
> Mark
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problem with RemoteAddrValve in Context.xml
Posted by Mark Thomas <ma...@apache.org>.
Peter Neu wrote:
> I'm trying to define an ip access filter with RemoteAddrValve in the
> context.xml file I deploy with my war file.
>
> If I read the documentation right the only thing to be done is write the
> following into the context.xml file:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <Context path="/user/public/">
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> allow="192.168.200.188"
> />
> </Context>
>
> But this does not work out. Does anyone know what's wrong?
As the docs state, you need to use a regular expression.
"192.168.200.188" doesn't do what you think it does since "." is a
special character in regular expressions.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Problem with RemoteAddrValve in Context.xml
Posted by Hassan Schroeder <ha...@gmail.com>.
On 11/13/06, Peter Neu <pe...@gmx.net> wrote:
> I'm trying to define an ip access filter with RemoteAddrValve in the
> context.xml file I deploy with my war file.
>
> If I read the documentation right the only thing to be done is write the
> following into the context.xml file:
Did you edit this context.xml *after* deploying a WAR? If so, is
there a corresponding config file that Tomcat's copied into
$CATALINA_HOME/conf/Catalina/{hostname} ? If so, I bet it still
looks like the original one, i.e., no Valve.
> <Context path="/user/public/">
Probably unrelated, but you shouldn't have a path attribute in a
context.xml file under META-INF, and is that *really* what you want
the path to be?
--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org