Posted to users@tomcat.apache.org by Lars Huttar <la...@sil.org> on 2006/06/16 21:19:54 UTC

Re: org.apache.catalina.valves.RemoteHostValve issue

On the tomcat-user list
(http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg158910.html): 



>
>
>   Re: org.apache.catalina.valves.RemoteHostValve issue
>
> Mark Thomas
> Tue, 20 Sep 2005 14:09:45 -0700
>
> Tony Tomcat wrote:
>  
> >   ok. got off my lazy butt and looked at the code. RemoteHostValve
> >   uses request.getRequest().getRemoteHost() so just the javadoc
> >   needs updating for RemoteHostValve.java. I'm sure this was just a
> >   copy of RemoteAddrValve. ;-)
> Looks like it. I have just committed a fix to CVS.
>
>  
> >   Now I just need to figure out how to configure my tomcat to return
> >   values for getRemoteHost calls.
> http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html
> Look for enableLookups
>
> Mark
>

I have been trying to do this, namely, use a RemoteHostValve to restrict
Tomcat to accept connections from only certain hosts.
My <Context> looks like this:

          <Context docBase="../../cocoon-2.1.7" path="">
               <Valve className="org.apache.catalina.valves.RemoteHostValve"
                      allow="localhost,massah,massah\.sil\.org,massah\.dallas\.sil\.org,isaiah\.wycliffe\.org,it-huttar1\.sil\.org,it-huttar-d820\.sil\.org"/>
          </Context>

I also put enableLookups="true" in my connector, as instructed by the
documentation link you gave:
   <Connector port="80" maxHttpHeaderSize="8192"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="true" redirectPort="8443" acceptCount="100"
              connectionTimeout="20000" disableUploadTimeout="true"
              allowTrace="true"/>

But Tomcat forbids me to connect, even from localhost. (Localhost is
massah.dallas.sil.org.)

Earlier I tried the RemoteAddrValve with IP addresses, and was able to
get it to work fine. However that won't meet our needs very well, as our
various dev machines change IP addresses now and then.

Any ideas? Can I somehow trace what hostname Tomcat thinks the request
is coming from? I turned on allowTrace in the http connector, as you can
see, but I can't find a log file that traces connection attempts. I've
looked in all those in Tomcat 5.5\logs.

If it matters, I'm on a Windows 2000 Server machine, and running Cocoon
as the servlet. I'm running Tomcat 5.5.9.

Thanks for your help,

Lars





---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: org.apache.catalina.valves.RemoteHostValve issue

Posted by Lars Huttar <la...@sil.org>.
Filip Hanik - Dev Lists wrote:
> Hi Lars,
> my guess is that it looks at 127.0.0.1, so adding 127\.0\.0\.1 to the 
> list would solve it
That worked! Thank you! The weird thing is, for other client machines, 
the hostname works. But for localhost, only the IP address works, even 
though I'm using RemoteHostValve instead of RemoteAddrValve.
> or, you can add enableLookups="true" to your <Connector> element,
It's already there.
>
> although, I'm not sure why it just wouldn't look at the Host header
>
> Filip
>
Thanks again!
Lars

Re: org.apache.catalina.valves.RemoteHostValve issue

Posted by Filip Hanik - Dev Lists <de...@hanik.com>.
Hi Lars,
my guess is that it looks at 127.0.0.1, so adding 127\.0\.0\.1 to the 
list would solve it
or, you can add enableLookups="true" to your <Connector> element,

although, I'm not sure why it just wouldn't look at the Host header

Filip




-- 


Filip Hanik
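
The following is an added example, not code from this thread or from Tomcat. It checks candidate getRemoteHost() values against the allow list posted above, with and without the 127\.0\.0\.1 entry, and prints what a reverse lookup of the loopback address returns on the machine it runs on. The class name AllowListCheck, the candidate values, and the rule that each comma-separated entry is a regular expression that must match the whole value are assumptions of this example.

```java
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Added illustration: models a comma-separated regex allow list; not Tomcat's own source. */
public class AllowListCheck {

    // The allow value from the <Valve> element posted in this thread.
    static final String ALLOW = "localhost,massah,massah\\.sil\\.org,massah\\.dallas\\.sil\\.org,"
            + "isaiah\\.wycliffe\\.org,it-huttar1\\.sil\\.org,it-huttar-d820\\.sil\\.org";

    /** Splits the list on commas and compiles each non-empty entry as a regular expression. */
    static List<Pattern> compile(String list) {
        List<Pattern> patterns = new ArrayList<>();
        for (String item : list.split(",")) {
            String trimmed = item.trim();
            if (!trimmed.isEmpty()) {
                patterns.add(Pattern.compile(trimmed));
            }
        }
        return patterns;
    }

    /** Returns the first entry matching the whole value, or null if nothing matches (request refused). */
    static String firstMatch(List<Pattern> patterns, String remoteHost) {
        for (Pattern p : patterns) {
            if (p.matcher(remoteHost).matches()) {
                return p.pattern();
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        List<Pattern> original = compile(ALLOW);
        List<Pattern> amended = compile(ALLOW + ",127\\.0\\.0\\.1");

        // Reverse lookup of the loopback address; the result depends on the local resolver.
        String resolved = InetAddress.getByName("127.0.0.1").getCanonicalHostName();
        System.out.println("reverse lookup of 127.0.0.1 -> " + resolved);

        // Constructed candidates for what getRemoteHost() might return for a local request.
        String[] candidates = {"127.0.0.1", "localhost", "massah.dallas.sil.org", resolved};
        for (String c : candidates) {
            System.out.printf("%-24s original=%-28s amended=%s%n",
                    c, firstMatch(original, c), firstMatch(amended, c));
        }
    }
}
```

A value that shows `null` in the original column is one the posted list would refuse. Hostname entries only match when the reverse lookup of the client address returns exactly that name.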