You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/09/26 02:24:20 UTC
svn commit: r1175633 - in /tomcat/trunk/webapps: docs/config/filter.xml
docs/config/valve.xml docs/manager-howto.xml
host-manager/META-INF/context.xml manager/META-INF/context.xml
Author: kkolinko
Date: Mon Sep 26 00:24:20 2011
New Revision: 1175633
URL: http://svn.apache.org/viewvc?rev=1175633&view=rev
Log:
There is a caveat when using RemoteAddrValve with IPv6 addresses
- see thread "tomcat 7.0.21: bug in RemoteAddrValve?" of 2011-09-14 on users@
Document it and update configuration examples in manager and host-manager apps.
Add usage examples to valve.html, filter.html.
Modified:
tomcat/trunk/webapps/docs/config/filter.xml
tomcat/trunk/webapps/docs/config/valve.xml
tomcat/trunk/webapps/docs/manager-howto.xml
tomcat/trunk/webapps/host-manager/META-INF/context.xml
tomcat/trunk/webapps/manager/META-INF/context.xml
Modified: tomcat/trunk/webapps/docs/config/filter.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1175633&r1=1175632&r2=1175633&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/filter.xml (original)
+++ tomcat/trunk/webapps/docs/config/filter.xml Mon Sep 26 00:24:20 2011
@@ -531,6 +531,15 @@ FINE: Request "/docs/config/manager.html
package. Please consult the Java documentation for details of the
expressions supported.</p>
+ <p><strong>Note:</strong> There is a caveat when using this filter with
+ IPv6 addresses. Format of the IP address that this valve is processing
+ depends on the API that was used to obtain it. If the address was obtained
+ from Java socket using Inet6Address class, its format will be
+ <code>x:x:x:x:x:x:x:x</code>. That is, the IP address for localhost
+ will be <code>0:0:0:0:0:0:0:1</code> instead of the more widely used
+ <code>::1</code>. Consult your access logs for the actual value.</p>
+
+ <p>See also: <a href="#Remote_Host_Filter">Remote Host Filter</a>.</p>
</subsection>
<subsection name="Filter Class Name">
@@ -569,6 +578,24 @@ FINE: Request "/docs/config/manager.html
</subsection>
+ <subsection name="Example">
+ <p>To allow access only for the clients connecting from localhost:</p>
+<pre>
+ <filter>
+ <filter-name>Remote Address Filter</filter-name>
+ <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
+ <init-param>
+ <param-name>allow</param-name>
+ <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
+ </init-param>
+ </filter>
+ <filter-mapping>
+ <filter-name>Remote Address Filter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+</pre>
+ </subsection>
+
</section>
@@ -586,6 +613,7 @@ FINE: Request "/docs/config/manager.html
package. Please consult the Java documentation for details of the
expressions supported.</p>
+ <p>See also: <a href="#Remote_Address_Filter">Remote Address Filter</a>.</p>
</subsection>
<subsection name="Filter Class Name">
Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1175633&r1=1175632&r2=1175633&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Mon Sep 26 00:24:20 2011
@@ -509,6 +509,16 @@
package. Please consult the Java documentation for details of the
expressions supported.</p>
+ <p><strong>Note:</strong> There is a caveat when using this valve with
+ IPv6 addresses. Format of the IP address that this valve is processing
+ depends on the API that was used to obtain it. If the address was obtained
+ from Java socket using Inet6Address class, its format will be
+ <code>x:x:x:x:x:x:x:x</code>. That is, the IP address for localhost
+ will be <code>0:0:0:0:0:0:0:1</code> instead of the more widely used
+ <code>::1</code>. Consult your access logs for the actual value.</p>
+
+ <p>See also: <a href="#Remote_Host_Filter">Remote Host Filter</a>,
+ <a href="#Remote_IP_Valve">Remote IP Valve</a>.</p>
</subsection>
<subsection name="Attributes">
@@ -544,6 +554,14 @@
</subsection>
+ <subsection name="Example">
+ <p>To allow access only for the clients connecting from localhost:</p>
+<pre>
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+ allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>
+</pre>
+ </subsection>
+
</section>
@@ -565,6 +583,7 @@
package. Please consult the Java documentation for details of the
expressions supported.</p>
+ <p>See also: <a href="#Remote_Address_Filter">Remote Address Filter</a>.</p>
</subsection>
<subsection name="Attributes">
Modified: tomcat/trunk/webapps/docs/manager-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/manager-howto.xml?rev=1175633&r1=1175632&r2=1175633&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/manager-howto.xml (original)
+++ tomcat/trunk/webapps/docs/manager-howto.xml Mon Sep 26 00:24:20 2011
@@ -159,7 +159,9 @@ the role <strong>manager-script</strong>
<p>In addition to the password restrictions the Manager web application
could be restricted by the remote IP address or host by adding a
-<code>RemoteAddrValve</code> or <code>RemoteHostValve</code>. Here is
+<code>RemoteAddrValve</code> or <code>RemoteHostValve</code>.
+See <a href="config/valve.html#Remote_Address_Filter">valves documentation</a>
+for details. Here is
an example of restricting access to the localhost by IP address:</p>
<pre>
<Context privileged="true">
Modified: tomcat/trunk/webapps/host-manager/META-INF/context.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/host-manager/META-INF/context.xml?rev=1175633&r1=1175632&r2=1175633&view=diff
==============================================================================
--- tomcat/trunk/webapps/host-manager/META-INF/context.xml (original)
+++ tomcat/trunk/webapps/host-manager/META-INF/context.xml Mon Sep 26 00:24:20 2011
@@ -22,6 +22,6 @@
-->
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
- allow="127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|::1" />
+ allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
\ No newline at end of file
Modified: tomcat/trunk/webapps/manager/META-INF/context.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/META-INF/context.xml?rev=1175633&r1=1175632&r2=1175633&view=diff
==============================================================================
--- tomcat/trunk/webapps/manager/META-INF/context.xml (original)
+++ tomcat/trunk/webapps/manager/META-INF/context.xml Mon Sep 26 00:24:20 2011
@@ -22,6 +22,6 @@
-->
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
- allow="127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|::1" />
+ allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org