You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "N.s.Karthik" <ns...@gmail.com> on 2012/05/30 16:56:04 UTC

org.apache.catalina.valves.RemoteHostValve does this work ???

Hi

Spec
JDK1.6
TC : tomcat 6.26
O/s win 7 /Linux (redhat)

I have configured the valve as follows  in  TC /conf/Context.xml

*<Valve className="org.apache.catalina.valves.RemoteHostValve" 
             allow="ai-itl-107" 
              deny="192.168.8.210" />*

On restart of the TC ... I am denied access at URL

*http://ai-itl-107:8080/*

as   HTTP 403 Error ???

Disabling this valve  the URL works and application is available normally.

I am confused


with regards
karthik


--
View this message in context: http://tomcat.10.n6.nabble.com/org-apache-catalina-valves-RemoteHostValve-does-this-work-tp4981517.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: org.apache.catalina.valves.RemoteHostValve does this work ???

Posted by André Warnier <aw...@ice-sa.com>.

Leo Donahue - PLANDEVX wrote:
>> -----Original Message-----
>> From: N.s.Karthik [mailto:nskarthik.k@gmail.com]
>> Subject: org.apache.catalina.valves.RemoteHostValve does this work ???
>>
>> Hi
>>
>> Spec
>> JDK1.6
>> TC : tomcat 6.26
>> O/s win 7 /Linux (redhat)
>>
>> I have configured the valve as follows  in  TC /conf/Context.xml
>>
>> *<Valve className="org.apache.catalina.valves.RemoteHostValve"
>>              allow="ai-itl-107"
>>               deny="192.168.8.210" />*
>>
>> On restart of the TC ... I am denied access at URL
>>
>> *http://ai-itl-107:8080/*
>>
>> as   HTTP 403 Error ???
>>
>> Disabling this valve  the URL works and application is available
>> normally.
>>
>> I am confused
>>
>>
>> with regards
>> karthik
> 
> The docs indicate that you need to use a regular expression pattern for the allow and deny attributes.
> 
> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Host_Filter
> 
> allow="ai\-itl\-107"
> deny="192\.168\.8\.210"
> 
> Does that work?
> 
> Leo
> 

In addition, either I am missing something, or there are a couple of strange things in the 
original post.

The allow/deny of the RemoteHostValve are supposed to mean /from which client/ one can or 
cannot access this Tomcat Host, on the base of the client's *hostname*.
(read http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Host_Filter, as 
compared to http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter)

So
1) what does this *request* URL "http://ai-itl-107:8080" have to do with it all ? is 
"ai-itl-107" the hostname of the client, or of the server ?
2) what about the IP address in the "deny" part ? should one not be using a hostname here 
  (or use a Remote Address Filter instead) ?

In addition, if one really wants to use the *hostname* of the client to allow or deny 
access, then one should also make sure that the server, when it resolves the client's IP 
address to a name, is really getting what is shown up there.
Otherwise it will not allow it, which seems to be happening here (but again, maybe I'm 
confused).

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: org.apache.catalina.valves.RemoteHostValve does this work ???

Posted by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>.

> -----Original Message-----
> From: N.s.Karthik [mailto:nskarthik.k@gmail.com]
> Subject: org.apache.catalina.valves.RemoteHostValve does this work ???
> 
> Hi
> 
> Spec
> JDK1.6
> TC : tomcat 6.26
> O/s win 7 /Linux (redhat)
> 
> I have configured the valve as follows  in  TC /conf/Context.xml
> 
> *<Valve className="org.apache.catalina.valves.RemoteHostValve"
>              allow="ai-itl-107"
>               deny="192.168.8.210" />*
> 
> On restart of the TC ... I am denied access at URL
> 
> *http://ai-itl-107:8080/*
> 
> as   HTTP 403 Error ???
> 
> Disabling this valve  the URL works and application is available
> normally.
> 
> I am confused
> 
> 
> with regards
> karthik

The docs indicate that you need to use a regular expression pattern for the allow and deny attributes.

http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Host_Filter

allow="ai\-itl\-107"
deny="192\.168\.8\.210"

Does that work?

Leo

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org