You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Dale Ogilvie <Da...@trimble.com> on 2011/12/12 02:06:17 UTC
Tomcat proxy configuration for serverside http requests
Hi,
Weird issue, perhaps someone can explain how this might be happening
from a tomcat perspective...
I have some CXF generated web service client code that calls a web
service that operates on an IP whitelist. If I run this code from the
shell as the tomcat owner user "apache_tomcat" on the app server (RHEL6)
the webservice reports that the client ip is the app server. This is as
expected, it is making a direct http connection to the web service.
If I wrap this exact same code in a jsp and deploy it to tomcat 7.0.20
on the app server, where tomcat is running as user "apache_tomcat", the
client ip is reported as one of our internal proxy servers. This should
not be happening.
There are no http_proxy environment variables set for either
apache_tomcat or root. The tomcat jvm has no -Dhttp.proxy settings. But,
it seems that the code running in tomcat is pulling a proxy definition
from somewhere.
Any ideas where this proxy is coming from? We can't find anything at all
on the OS. Is tomcat or java itself proactively searching for available
proxies?
The only way to get the behaviour we want is to use -Dhttp.proxy and
-DnonProxyHosts statements on the tomcat jvm command line. If we do
this, we can at least get a proxy on the same continent J
Thanks
Dale
RE: Tomcat proxy configuration for serverside http requests
Posted by Dale Ogilvie <Da...@trimble.com>.
>> André Warnier wrote:
>> Just to complete your report :
>> - is the JVM used in both cases exactly the same ?
>> - are either one of the Tomcats (or both) using the "native APR" library ?
>> (although I have no idea really if this is relevant or not when a
>> webapp makes its own connections)
>Could the app contain code which uses a specific proxy?
>p
The same Sun 1.6.29 jvm is being used in both instances, and native APR is not involved here.
I don't believe app code is to blame as the proxy chosen is not a normal one for our environments. It looks more like it is being "discovered" to me. I have used CXF code to specifically set the proxy, and nonProxyHosts. If I do this, if the web service host defined in nonProxyHosts it will fall back through the "alien" proxy.
i.e. For Tomcat:
1. No known proxy set: Client IP at the web service appears as proxy A
2. CXF code to set to Proxy B: Client IP is proxy B
3. CXF code to set to Proxy B and App Server hostname in nonProxyhosts: Client IP is proxy A
4. Tomcat jvm -Dhttp.proxy=proxyA and -Dhttp.nonProxyHosts=appserver: Client IP is app server (desired outcome)
Whereas the same code running on the console as the tomcat user never uses proxy A, unless specifically asked to in CXF code.
I would like to know where that proxy is coming from.
Dale
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat proxy configuration for serverside http requests
Posted by Pid <pi...@pidster.com>.
On 12/12/2011 09:56, André Warnier wrote:
> Dale Ogilvie wrote:
>> Hi,
>>
>>
>>
>> Weird issue, perhaps someone can explain how this might be happening
>> from a tomcat perspective...
>>
>>
>>
>> I have some CXF generated web service client code that calls a web
>> service that operates on an IP whitelist. If I run this code from the
>> shell as the tomcat owner user "apache_tomcat" on the app server (RHEL6)
>> the webservice reports that the client ip is the app server. This is as
>> expected, it is making a direct http connection to the web service.
>>
>>
>>
>> If I wrap this exact same code in a jsp and deploy it to tomcat 7.0.20
>> on the app server, where tomcat is running as user "apache_tomcat", the
>> client ip is reported as one of our internal proxy servers. This should
>> not be happening.
>>
>>
>>
>> There are no http_proxy environment variables set for either
>> apache_tomcat or root. The tomcat jvm has no -Dhttp.proxy settings. But,
>> it seems that the code running in tomcat is pulling a proxy definition
>> from somewhere.
>>
>>
>>
>> Any ideas where this proxy is coming from? We can't find anything at all
>> on the OS. Is tomcat or java itself proactively searching for available
>> proxies?
>>
>>
>>
>> The only way to get the behaviour we want is to use -Dhttp.proxy and
>> -DnonProxyHosts statements on the tomcat jvm command line. If we do
>> this, we can at least get a proxy on the same continent J
>>
> Just to complete your report :
> - is the JVM used in both cases exactly the same ?
> - are either one of the Tomcats (or both) using the "native APR" library ?
> (although I have no idea really if this is relevant or not when a
> webapp makes its own connections)
Could the app contain code which uses a specific proxy?
p
--
[key:62590808]
Re: Tomcat proxy configuration for serverside http requests
Posted by André Warnier <aw...@ice-sa.com>.
Dale Ogilvie wrote:
> Hi,
>
>
>
> Weird issue, perhaps someone can explain how this might be happening
> from a tomcat perspective...
>
>
>
> I have some CXF generated web service client code that calls a web
> service that operates on an IP whitelist. If I run this code from the
> shell as the tomcat owner user "apache_tomcat" on the app server (RHEL6)
> the webservice reports that the client ip is the app server. This is as
> expected, it is making a direct http connection to the web service.
>
>
>
> If I wrap this exact same code in a jsp and deploy it to tomcat 7.0.20
> on the app server, where tomcat is running as user "apache_tomcat", the
> client ip is reported as one of our internal proxy servers. This should
> not be happening.
>
>
>
> There are no http_proxy environment variables set for either
> apache_tomcat or root. The tomcat jvm has no -Dhttp.proxy settings. But,
> it seems that the code running in tomcat is pulling a proxy definition
> from somewhere.
>
>
>
> Any ideas where this proxy is coming from? We can't find anything at all
> on the OS. Is tomcat or java itself proactively searching for available
> proxies?
>
>
>
> The only way to get the behaviour we want is to use -Dhttp.proxy and
> -DnonProxyHosts statements on the tomcat jvm command line. If we do
> this, we can at least get a proxy on the same continent J
>
Just to complete your report :
- is the JVM used in both cases exactly the same ?
- are either one of the Tomcats (or both) using the "native APR" library ?
(although I have no idea really if this is relevant or not when a webapp makes its own
connections)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org