You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/09/26 02:34:15 UTC

svn commit: r1175635 - in /tomcat/tc7.0.x/trunk: ./ webapps/docs/changelog.xml webapps/docs/config/filter.xml webapps/docs/config/valve.xml webapps/docs/manager-howto.xml webapps/host-manager/META-INF/context.xml webapps/manager/META-INF/context.xml

Author: kkolinko
Date: Mon Sep 26 00:34:14 2011
New Revision: 1175635

URL: http://svn.apache.org/viewvc?rev=1175635&view=rev
Log:
Merged revision(s) 1175633 from tomcat/trunk:
There is a caveat when using RemoteAddrValve with IPv6 addresses
- see thread "tomcat 7.0.21: bug in RemoteAddrValve?" of 2011-09-14 on users@
Document it and update configuration examples in manager and host-manager apps.
Add usage examples to valve.html, filter.html.

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
    tomcat/tc7.0.x/trunk/webapps/docs/config/filter.xml
    tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml
    tomcat/tc7.0.x/trunk/webapps/docs/manager-howto.xml
    tomcat/tc7.0.x/trunk/webapps/host-manager/META-INF/context.xml
    tomcat/tc7.0.x/trunk/webapps/manager/META-INF/context.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Sep 26 00:34:14 2011
@@ -1 +1 @@
-/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096,1173241,1173256,1173288,1173333
 ,1173342,1173461,1173614,1173630,1173659,1173722,1174061,1174239,1174330,1174337-1174339,1174343,1174353,1174799,1174882,1174884,1174983,1175155,1175158,1175167,1175182,1175190,1175201,1175272,1175275,1175283,1175582,1175589-1175590,1175594,1175602,1175613
+/tomcat/trunk:1156171,1156276,1156304,1156530,1156602,1157015,1157018,1157151,1157198,1157204,1157810,1157832,1157834,1157847,1157908,1157939,1158155,1158160,1158176,1158195,1158198-1158199,1158227,1158331,1158334-1158335,1158426,1160347,1160592,1160611,1160619,1160626,1160639,1160652,1160720-1160721,1160772,1160774,1160776,1161303,1161310,1161322,1161339,1161486,1161540,1161549,1161584,1162082,1162149,1162169,1162721,1162769,1162836,1162932,1163630,1164419,1164438,1164469,1164480,1164567,1165234,1165247-1165248,1165253,1165273,1165282,1165309,1165331,1165338,1165347,1165360-1165361,1165367-1165368,1165602,1165608,1165677,1165693,1165721,1165723,1165728,1165730,1165738,1165746,1165765,1165777,1165918,1165921,1166077,1166150-1166151,1166290,1166366,1166620,1166686,1166752,1166757,1167368,1167394,1169447,1170647,1171692,1172233-1172234,1172236,1172269,1172278,1172282,1172610,1172664,1172689,1172711,1173020-1173021,1173082,1173088,1173090,1173096,1173241,1173256,1173288,1173333
 ,1173342,1173461,1173614,1173630,1173659,1173722,1174061,1174239,1174330,1174337-1174339,1174343,1174353,1174799,1174882,1174884,1174983,1175155,1175158,1175167,1175182,1175190,1175201,1175272,1175275,1175283,1175582,1175589-1175590,1175594,1175602,1175613,1175633

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1175635&r1=1175634&r2=1175635&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Sep 26 00:34:14 2011
@@ -216,6 +216,10 @@
         Correct the documentation for <code>connectionLinger</code> attribute
         for the AJP and HTTP connectors. (markt)
       </fix>
+      <update>
+        Document caveat of using <code>RemoteAddrValve</code> with IPv6
+        addresses. (kkolinko)
+      </update>
     </changelog>
   </subsection>
   <subsection name="Other">

Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/filter.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/filter.xml?rev=1175635&r1=1175634&r2=1175635&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/filter.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/filter.xml Mon Sep 26 00:34:14 2011
@@ -531,6 +531,15 @@ FINE: Request "/docs/config/manager.html
     package. Please consult the Java documentation for details of the
     expressions supported.</p>
 
+    <p><strong>Note:</strong> There is a caveat when using this filter with
+    IPv6 addresses. Format of the IP address that this valve is processing
+    depends on the API that was used to obtain it. If the address was obtained
+    from Java socket using Inet6Address class, its format will be
+    <code>x:x:x:x:x:x:x:x</code>. That is, the IP address for localhost
+    will be <code>0:0:0:0:0:0:0:1</code> instead of the more widely used
+    <code>::1</code>. Consult your access logs for the actual value.</p>
+
+    <p>See also: <a href="#Remote_Host_Filter">Remote Host Filter</a>.</p>
   </subsection>
 
   <subsection name="Filter Class Name">
@@ -569,6 +578,24 @@ FINE: Request "/docs/config/manager.html
 
   </subsection>
 
+  <subsection name="Example">
+    <p>To allow access only for the clients connecting from localhost:</p>
+<pre>
+    &lt;filter>
+      &lt;filter-name>Remote Address Filter&lt;/filter-name>
+      &lt;filter-class>org.apache.catalina.filters.RemoteAddrFilter&lt;/filter-class>
+      &lt;init-param>
+        &lt;param-name>allow&lt;/param-name>
+        &lt;param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1&lt;/param-value>
+      &lt;/init-param>
+    &lt;/filter>
+    &lt;filter-mapping>
+      &lt;filter-name>Remote Address Filter&lt;/filter-name>
+      &lt;url-pattern>/*&lt;/url-pattern>
+    &lt;/filter-mapping>
+</pre>
+  </subsection>
+
 </section>
 
 
@@ -586,6 +613,7 @@ FINE: Request "/docs/config/manager.html
     package. Please consult the Java documentation for details of the
     expressions supported.</p>
 
+    <p>See also: <a href="#Remote_Address_Filter">Remote Address Filter</a>.</p>
   </subsection>
 
   <subsection name="Filter Class Name">

Modified: tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml?rev=1175635&r1=1175634&r2=1175635&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/config/valve.xml Mon Sep 26 00:34:14 2011
@@ -509,6 +509,16 @@
     package. Please consult the Java documentation for details of the
     expressions supported.</p>
 
+    <p><strong>Note:</strong> There is a caveat when using this valve with
+    IPv6 addresses. Format of the IP address that this valve is processing
+    depends on the API that was used to obtain it. If the address was obtained
+    from Java socket using Inet6Address class, its format will be
+    <code>x:x:x:x:x:x:x:x</code>. That is, the IP address for localhost
+    will be <code>0:0:0:0:0:0:0:1</code> instead of the more widely used
+    <code>::1</code>. Consult your access logs for the actual value.</p>
+
+    <p>See also: <a href="#Remote_Host_Filter">Remote Host Filter</a>,
+    <a href="#Remote_IP_Valve">Remote IP Valve</a>.</p>
   </subsection>
 
   <subsection name="Attributes">
@@ -544,6 +554,14 @@
 
   </subsection>
 
+  <subsection name="Example">
+    <p>To allow access only for the clients connecting from localhost:</p>
+<pre>
+    &lt;Valve className="org.apache.catalina.valves.RemoteAddrValve"
+       allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/&gt;
+</pre>
+  </subsection>
+
 </section>
 
 
@@ -565,6 +583,7 @@
     package. Please consult the Java documentation for details of the
     expressions supported.</p>
 
+    <p>See also: <a href="#Remote_Address_Filter">Remote Address Filter</a>.</p>
   </subsection>
 
   <subsection name="Attributes">

Modified: tomcat/tc7.0.x/trunk/webapps/docs/manager-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/manager-howto.xml?rev=1175635&r1=1175634&r2=1175635&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/manager-howto.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/manager-howto.xml Mon Sep 26 00:34:14 2011
@@ -159,7 +159,9 @@ the role <strong>manager-script</strong>
 
 <p>In addition to the password restrictions the Manager web application
 could be restricted by the remote IP address or host by adding a
-<code>RemoteAddrValve</code> or <code>RemoteHostValve</code>.  Here is
+<code>RemoteAddrValve</code> or <code>RemoteHostValve</code>.
+See <a href="config/valve.html#Remote_Address_Filter">valves documentation</a>
+for details. Here is
 an example of restricting access to the localhost by IP address:</p>
 <pre>
 &lt;Context privileged="true"&gt;

Modified: tomcat/tc7.0.x/trunk/webapps/host-manager/META-INF/context.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/host-manager/META-INF/context.xml?rev=1175635&r1=1175634&r2=1175635&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/host-manager/META-INF/context.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/host-manager/META-INF/context.xml Mon Sep 26 00:34:14 2011
@@ -22,6 +22,6 @@
   -->
   <!--
   <Valve className="org.apache.catalina.valves.RemoteAddrValve"
-         allow="127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|::1" />
+         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
   -->
 </Context>
\ No newline at end of file

Modified: tomcat/tc7.0.x/trunk/webapps/manager/META-INF/context.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/manager/META-INF/context.xml?rev=1175635&r1=1175634&r2=1175635&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/manager/META-INF/context.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/manager/META-INF/context.xml Mon Sep 26 00:34:14 2011
@@ -22,6 +22,6 @@
   -->
   <!--
   <Valve className="org.apache.catalina.valves.RemoteAddrValve"
-         allow="127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|::1" />
+         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
   -->
 </Context>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org