You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Paul Seed <pa...@yahoo.com> on 2009/06/05 11:55:39 UTC
With APR, getRemoteHost() returns NULL for unknown clients?
Hello,
After searching in all the usual places for a problem I'm having with Tomcat/APR and reverse lookups, I haven't found anything similar, so maybe someone on the list can help...
My setup is a RedHat 5 server (32 bit) running Tomcat 6.0.20 with Tomcat Native 1.1.16 libraries and Sun JDK 1.6.0_14. I've built and installed Tomcat Native as described in http://tomcat.apache.org/native-doc/
The server.xml file has been modified to add enableLookups="true" to the HTTP Connector entry:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
enableLookups="true"
redirectPort="8443" />
Now, when the client exists in the DNS, reverse lookups via HttpServletRequest.getRemoteHost() work fine whether or not I'm using APR.
The problem is, when attempting a reverse lookup for a client that is not found in the naming service, the behaviour of getRemoteHost() depends on whether or not APR is being used. Specifically, without APR, the method returns the dotted-string form of the IP address (consistent with the doc http://java.sun.com/webservices/docs/1.6/api/javax/servlet/ServletRequest.html#getRemoteHost() ). However, when APR is enabled, the method returns NULL.
I can reproduce the problem using a simple test servlet:
# cat GetAddress.java
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class GetAddress extends HttpServlet {
public void doGet(HttpServletRequest request,HttpServletResponse response)
throws IOException, ServletException{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("<b><font color='red'>Hostname of request : </font></b>"
+request.getRemoteHost()+"<p>");
out.println("<b><font color='blue'>IP Address of request : </font></b>"
+request.getRemoteAddr());
}
}
If LD_LIBRARY_PATH is set to $CATALINA_HOME/lib, catalina.out confirms APR is enabled:
05-Jun-2009 11:09:01 org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.16.
05-Jun-2009 11:09:01 org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
05-Jun-2009 11:09:02 org.apache.coyote.http11.Http11AprProtocol init
From my client unknown to the DNS, the web page shows "Hostname of request: null ... IP Address of request: <client IP address>"
Now, after unsetting LD_LIBRARY_PATH and restarting Tomcat (catalina.out confirms APR is not used), a request from the same client correctly shows "Hostname of request: <client IP address>... IP Address of request: <client IP address>"
This behaviour with APR is causing problems for a third-party application that relies on identifying the client IP/host for authentication - as the code does not expect NULL from getRemoteHost() it denies access to the client (coming from another company via LAN-to-LAN VPN).
Any ideas on how to debug this further? I had a quick look in the APR source but couldn't find any reference to getRemoteHost or enableLookups so I'm not sure where this side effect is coming from. I'd be happy to collect more info and file a bug report if necessary.
Thanks in advance
- Paul Seed.
ADMINISTRATOR: PLEASE READ
Posted by Alexander Ryan <al...@gmail.com>.
The "unsubscribe" feature for this list appears to be broken.
Kindly unsubscribe me.
Thank you.
~Alex
Alex Ryan's Facebook profile
> -----Original Message-----
> From: Mohamedin [mailto:mohamedin@easy-dialog.info]
> Sent: Friday, June 05, 2009 9:40 AM
> To: Tomcat Users List
> Subject: APR is not working
>
> Dear everybody,
>
> I am trying to install APR for tomcat 6.0.18 on debian
> I did the following:
>
> apt-get install libapr1-dev libssl-dev
> cd tomcat-native-1.1.16-src/jni/native
> ./configure --with-apr=/usr/bin/apr-1-config --with-java-
> home=/usr/lib/jvm/java-1.5.0-sun
> --prefix=/usr/lib/catalina
> make
> make install
>
>
> and created the file $CATALINA_HOME/bin/setenv.sh which has the
> following
> lines
> LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CATALINA_HOME/lib
> export LD_LIBRARY_PATH
>
> Then when I started tomcat the log shows the following lines and then
> nothing (It hangs)
>
> 05.06.2009 14:15:46 org.apache.catalina.core.AprLifecycleListener init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.16.
> 05.06.2009 14:15:46 org.apache.catalina.core.AprLifecycleListener init
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> [false], random [true].
>
>
> I have tryed to stop and run it again manytimes and the same result.
>
> Please help
>
> Thanks a lot,
> Mohamedin
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: APR is not working
Posted by Rainer Jung <ra...@kippdata.de>.
On 05.06.2009 15:40, Mohamedin wrote:
> Dear everybody,
>
> I am trying to install APR for tomcat 6.0.18 on debian
> I did the following:
>
> apt-get install libapr1-dev libssl-dev
> cd tomcat-native-1.1.16-src/jni/native
> ./configure --with-apr=/usr/bin/apr-1-config
> --with-java-home=/usr/lib/jvm/java-1.5.0-sun --prefix=/usr/lib/catalina
> make
> make install
>
>
> and created the file $CATALINA_HOME/bin/setenv.sh which has the
> following lines
> LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CATALINA_HOME/lib
> export LD_LIBRARY_PATH
>
> Then when I started tomcat the log shows the following lines and then
> nothing (It hangs)
>
> 05.06.2009 14:15:46 org.apache.catalina.core.AprLifecycleListener init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.16.
> 05.06.2009 14:15:46 org.apache.catalina.core.AprLifecycleListener init
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> [false], random [true].
>
>
> I have tryed to stop and run it again manytimes and the same result.
<speculation>
If it looks hanging during startup, it might initialize randomness and
use /dev/random (blocking good quality randomness) instead of
/dev/urandom (non-blocking pseudo-randomness). You can try to get a
stack during the "hang" using "gstack".
Do you have a /dev/urandom device? Can you read from it, e.g. if you do a
dd if=/dev/urandom of=/dev/null count=100
(reading 100 blocks of 512 bytes of randomness), does it return fast?
What happens if you do the same again during the "hang"?
</speculation>
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: APR is not working
Posted by Mohamedin <mo...@easy-dialog.info>.
Thanks a lot for your fast reply (Both of you)
It was the random number generator
Setting SSLEngine to off fixed the problem
And I don't need the SSL since it is handled by apache using mod_jk
Thanks again,
Mohamedin
----- Original Message -----
From: "Mladen Turk" <mt...@apache.org>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Sent: Friday, June 05, 2009 4:54 PM
Subject: Re: APR is not working
> Mohamedin wrote:
>>
>> Then when I started tomcat the log shows the following lines and then
>> nothing (It hangs)
>>
>> 05.06.2009 14:15:46 org.apache.catalina.core.AprLifecycleListener init
>> INFO: Loaded APR based Apache Tomcat Native library 1.1.16.
>> 05.06.2009 14:15:46 org.apache.catalina.core.AprLifecycleListener init
>> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
>> [false], random [true].
>>
>>
>> I have tryed to stop and run it again manytimes and the same result.
>>
>
> Have you tried to be more patient?
> On some systems the random number generator if
> having low entropy can hang for few minutes.
>
> Try setting SSLEngine to off in server.xml and
> see if it'll start faster.
>
>
> Regards
>
> --
> ^TM
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 4132 (20090604) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: APR is not working
Posted by Mladen Turk <mt...@apache.org>.
Mohamedin wrote:
>
> Then when I started tomcat the log shows the following lines and then
> nothing (It hangs)
>
> 05.06.2009 14:15:46 org.apache.catalina.core.AprLifecycleListener init
> INFO: Loaded APR based Apache Tomcat Native library 1.1.16.
> 05.06.2009 14:15:46 org.apache.catalina.core.AprLifecycleListener init
> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
> [false], random [true].
>
>
> I have tryed to stop and run it again manytimes and the same result.
>
Have you tried to be more patient?
On some systems the random number generator if
having low entropy can hang for few minutes.
Try setting SSLEngine to off in server.xml and
see if it'll start faster.
Regards
--
^TM
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
APR is not working
Posted by Mohamedin <mo...@easy-dialog.info>.
Dear everybody,
I am trying to install APR for tomcat 6.0.18 on debian
I did the following:
apt-get install libapr1-dev libssl-dev
cd tomcat-native-1.1.16-src/jni/native
./configure --with-apr=/usr/bin/apr-1-config --with-java-home=/usr/lib/jvm/java-1.5.0-sun
--prefix=/usr/lib/catalina
make
make install
and created the file $CATALINA_HOME/bin/setenv.sh which has the following
lines
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CATALINA_HOME/lib
export LD_LIBRARY_PATH
Then when I started tomcat the log shows the following lines and then
nothing (It hangs)
05.06.2009 14:15:46 org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.16.
05.06.2009 14:15:46 org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
I have tryed to stop and run it again manytimes and the same result.
Please help
Thanks a lot,
Mohamedin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: With APR, getRemoteHost() returns NULL for unknown clients?
Posted by Paul Seed <pa...@yahoo.com>.
Thanks Mark, I've filed bug #47319.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47319
Cheers
- Paul.
________________________________
From: Mark Thomas <ma...@apache.org>
To: Tomcat Users List <us...@tomcat.apache.org>
Sent: Friday, 5 June, 2009 12:12:07
Subject: Re: With APR, getRemoteHost() returns NULL for unknown clients?
Paul Seed wrote:
> Any ideas on how to debug this further? I had a quick look in the APR source but couldn't find any reference to getRemoteHost or enableLookups so I'm not sure where this side effect is coming from. I'd be happy to collect more info and file a bug report if necessary.
Looks like you have enough info for a bug report to me.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: With APR, getRemoteHost() returns NULL for unknown clients?
Posted by Mark Thomas <ma...@apache.org>.
Paul Seed wrote:
> Any ideas on how to debug this further? I had a quick look in the APR source but couldn't find any reference to getRemoteHost or enableLookups so I'm not sure where this side effect is coming from. I'd be happy to collect more info and file a bug report if necessary.
Looks like you have enough info for a bug report to me.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org