You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "James H. H. Lampert" <ja...@touchtonecorp.com.INVALID> on 2023/09/08 15:25:00 UTC
Strange problem involving the word "localhost"
Yesterday, I discovered that our Tomcat-based webapp (running on a
Amazon AWS) doesn't like the word "localhost."
If I enter it in a text field, through the UI, it won't save the record,
and if I feed it into our web services, it comes back with a 403:Forbidden.
My primary hypothesis is that the 403 is coming from an AWS firewall
rule, because that was the cause of our last 403 problem.
But is there anything in Tomcat that could be doing this?
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Strange problem involving the word "localhost"
Posted by "James H. H. Lampert" <ja...@touchtonecorp.com.INVALID>.
On 9/8/23 8:34 AM, Ivano Luberti wrote:
> I had similar problem with mod_security installed on servers and apache
> used as proxy.
>
> mod_security intercept the request and if considers it suspicious
> generate a 403 error
Found it.
It's in the AWS WAF. A rule called
"AWS#AWSManagedRulesCommonRuleSet#EC2MetaDataSSRF_BODY" seems to be the
problem.
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Strange problem involving the word "localhost"
Posted by Ivano Luberti <lu...@archicoop.it.INVALID>.
I had similar problem with mod_security installed on servers and apache
used as proxy.
mod_security intercept the request and if considers it suspicious
generate a 403 error
Il 08/09/2023 17:25, James H. H. Lampert ha scritto:
> Yesterday, I discovered that our Tomcat-based webapp (running on a
> Amazon AWS) doesn't like the word "localhost."
>
> If I enter it in a text field, through the UI, it won't save the
> record, and if I feed it into our web services, it comes back with a
> 403:Forbidden.
>
> My primary hypothesis is that the 403 is coming from an AWS firewall
> rule, because that was the cause of our last 403 problem.
>
> But is there anything in Tomcat that could be doing this?
>
> --
> JHHL
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
--
Archimede Informatica tratta i dati personali in conformità a quanto
stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno
2003 n. 196
per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
Informativa completa
<http://www.archicoop.it/fileadmin/pdf/InformativaTrattamentoDatiPersonali.pdf>
dott. Ivano Mario Luberti
Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa
tel.: +39 050/580959 | fax: +39 050/8932061
web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/