You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "N.s.Karthik" <ns...@gmail.com> on 2012/05/30 16:56:04 UTC
org.apache.catalina.valves.RemoteHostValve does this work ???
Hi
Spec
JDK1.6
TC : tomcat 6.26
O/s win 7 /Linux (redhat)
I have configured the valve as follows in TC /conf/Context.xml
*<Valve className="org.apache.catalina.valves.RemoteHostValve"
allow="ai-itl-107"
deny="192.168.8.210" />*
On restart of the TC ... I am denied access at URL
*http://ai-itl-107:8080/*
as HTTP 403 Error ???
Disabling this valve the URL works and application is available normally.
I am confused
with regards
karthik
--
View this message in context: http://tomcat.10.n6.nabble.com/org-apache-catalina-valves-RemoteHostValve-does-this-work-tp4981517.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: org.apache.catalina.valves.RemoteHostValve does this work ???
Posted by André Warnier <aw...@ice-sa.com>.
Leo Donahue - PLANDEVX wrote:
>> -----Original Message-----
>> From: N.s.Karthik [mailto:nskarthik.k@gmail.com]
>> Subject: org.apache.catalina.valves.RemoteHostValve does this work ???
>>
>> Hi
>>
>> Spec
>> JDK1.6
>> TC : tomcat 6.26
>> O/s win 7 /Linux (redhat)
>>
>> I have configured the valve as follows in TC /conf/Context.xml
>>
>> *<Valve className="org.apache.catalina.valves.RemoteHostValve"
>> allow="ai-itl-107"
>> deny="192.168.8.210" />*
>>
>> On restart of the TC ... I am denied access at URL
>>
>> *http://ai-itl-107:8080/*
>>
>> as HTTP 403 Error ???
>>
>> Disabling this valve the URL works and application is available
>> normally.
>>
>> I am confused
>>
>>
>> with regards
>> karthik
>
> The docs indicate that you need to use a regular expression pattern for the allow and deny attributes.
>
> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Host_Filter
>
> allow="ai\-itl\-107"
> deny="192\.168\.8\.210"
>
> Does that work?
>
> Leo
>
In addition, either I am missing something, or there are a couple of strange things in the
original post.
The allow/deny of the RemoteHostValve are supposed to mean /from which client/ one can or
cannot access this Tomcat Host, on the base of the client's *hostname*.
(read http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Host_Filter, as
compared to http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter)
So
1) what does this *request* URL "http://ai-itl-107:8080" have to do with it all ? is
"ai-itl-107" the hostname of the client, or of the server ?
2) what about the IP address in the "deny" part ? should one not be using a hostname here
(or use a Remote Address Filter instead) ?
In addition, if one really wants to use the *hostname* of the client to allow or deny
access, then one should also make sure that the server, when it resolves the client's IP
address to a name, is really getting what is shown up there.
Otherwise it will not allow it, which seems to be happening here (but again, maybe I'm
confused).
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: org.apache.catalina.valves.RemoteHostValve does this work ???
Posted by Leo Donahue - PLANDEVX <Le...@mail.maricopa.gov>.
> -----Original Message-----
> From: N.s.Karthik [mailto:nskarthik.k@gmail.com]
> Subject: org.apache.catalina.valves.RemoteHostValve does this work ???
>
> Hi
>
> Spec
> JDK1.6
> TC : tomcat 6.26
> O/s win 7 /Linux (redhat)
>
> I have configured the valve as follows in TC /conf/Context.xml
>
> *<Valve className="org.apache.catalina.valves.RemoteHostValve"
> allow="ai-itl-107"
> deny="192.168.8.210" />*
>
> On restart of the TC ... I am denied access at URL
>
> *http://ai-itl-107:8080/*
>
> as HTTP 403 Error ???
>
> Disabling this valve the URL works and application is available
> normally.
>
> I am confused
>
>
> with regards
> karthik
The docs indicate that you need to use a regular expression pattern for the allow and deny attributes.
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Host_Filter
allow="ai\-itl\-107"
deny="192\.168\.8\.210"
Does that work?
Leo
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org