You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Nick Johnson <ni...@bluejeansnet.com> on 2017/03/04 04:33:25 UTC
Handling wildcard domains in Tomcat 8.0
Greetings,
I have observed that with the default configuration where the <Host> name
is 'localhost', Tomcat will change the Host and X-Forwarded-Host headers to
the IP address of the local machine. For my use case, this is highly
undesirable behavior, because the hostname is meaningful to my application
(but one application needs to handle all possible hosts).
I've used the <Alias> entry to convince it not to change the Host headers
for one FQDN; however, I see that wildcard support in <Alias> doesn't exist
prior to Tomcat 8.5. As I'm using a hosted service which provides Tomcat
8.0, I'm trying to find a workaround for this problem in Tomcat 8 if I can.
Is there any way to have Tomcat 8.0 have a single virtual host handle all
of a wildcard domain, or, barring that, is there a way to get it to pass
through the Host header, unchanged, to the default Host (effectively
directing ALL traffic at the default Host, unchanged, regardless).
Re: Handling wildcard domains in Tomcat 8.0
Posted by Nick Johnson <ni...@bluejeansnet.com>.
On Sun, Mar 5, 2017 at 10:56 AM, Mark Thomas <ma...@apache.org> wrote:
>
> >> That is not correct. Tomcat makes no changes to the Host or
> >> X-Forwarded-Host header it receives in the default configuration.
> >
> > Are there any configuration modifications that could cause this behavior
> to
> > manifest?
>
> The RemoteIpValve and RemoteIpFilter will modify the values an
> application sees for those headers.
>
Thanks, I'll investigate further to see if either of those have been set up
in the configuration from my provider, or if they've added some other
customized Valve or Filter which could be mangling the Host header based on
Host or Alias matching.
The behavior I have observed is 100% trivially reproducible, so there must
be something in the configuration that is causing it.
Nick
Re: Handling wildcard domains in Tomcat 8.0
Posted by Mark Thomas <ma...@apache.org>.
On 05/03/17 18:37, Nick Johnson wrote:
Please configure your e-mail client to quote text you reply to. It makes
conversations much easier to follow.
>> On Mar 5, 2017 9:50 AM, "Mark Thomas" <ma...@apache.org> wrote:
>>
>> On 04/03/17 04:33, Nick Johnson wrote:
>>> Greetings,
>>>
>>> I have observed that with the default configuration where the <Host> name
>>> is 'localhost', Tomcat will change the Host and X-Forwarded-Host headers
>> to
>>> the IP address of the local machine.
>>
>> That is not correct. Tomcat makes no changes to the Host or
>> X-Forwarded-Host header it receives in the default configuration.
>
> Are there any configuration modifications that could cause this behavior to
> manifest?
The RemoteIpValve and RemoteIpFilter will modify the values an
application sees for those headers.
> Running nc or tcpdump on the command line, I see the correct Host and
> X-Forwarded-Host headers arriving for Tomcat, but from my application, the
> Host header and X-Forwarded-Host header both contain the IP address of the
> local machine.
How are you obtaining the header values?
> Using the same war file in a different container (Jetty), I do not observe
> this behavior.
>
> I also do not observe this behavior if the Host header matches either the
> <Host> name or an <Alias> name.
Those have no impact on the value of the HTTP Host header.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Handling wildcard domains in Tomcat 8.0
Posted by Nick Johnson <ni...@bluejeansnet.com>.
On Mar 5, 2017 9:50 AM, "Mark Thomas" <ma...@apache.org> wrote:
On 04/03/17 04:33, Nick Johnson wrote:
> Greetings,
>
> I have observed that with the default configuration where the <Host> name
> is 'localhost', Tomcat will change the Host and X-Forwarded-Host headers
to
> the IP address of the local machine.
That is not correct. Tomcat makes no changes to the Host or
X-Forwarded-Host header it receives in the default configuration.
Are there any configuration modifications that could cause this behavior to
manifest?
Running nc or tcpdump on the command line, I see the correct Host and
X-Forwarded-Host headers arriving for Tomcat, but from my application, the
Host header and X-Forwarded-Host header both contain the IP address of the
local machine.
Using the same war file in a different container (Jetty), I do not observe
this behavior.
I also do not observe this behavior if the Host header matches either the
<Host> name or an <Alias> name.
Nick
Re: Handling wildcard domains in Tomcat 8.0
Posted by Mark Thomas <ma...@apache.org>.
On 04/03/17 04:33, Nick Johnson wrote:
> Greetings,
>
> I have observed that with the default configuration where the <Host> name
> is 'localhost', Tomcat will change the Host and X-Forwarded-Host headers to
> the IP address of the local machine.
That is not correct. Tomcat makes no changes to the Host or
X-Forwarded-Host header it receives in the default configuration.
> For my use case, this is highly
> undesirable behavior, because the hostname is meaningful to my application
> (but one application needs to handle all possible hosts).
>
> I've used the <Alias> entry to convince it not to change the Host headers
> for one FQDN; however, I see that wildcard support in <Alias> doesn't exist
> prior to Tomcat 8.5. As I'm using a hosted service which provides Tomcat
> 8.0, I'm trying to find a workaround for this problem in Tomcat 8 if I can.
The contents of the <Alias /> element has no impact on the contents of
the HTTP Host header.
> Is there any way to have Tomcat 8.0 have a single virtual host handle all
> of a wildcard domain, or, barring that, is there a way to get it to pass
> through the Host header, unchanged, to the default Host (effectively
> directing ALL traffic at the default Host, unchanged, regardless).
Use the default configuration.
Note: If you use a reverse proxy and/or a distribution of Tomcat from
somewhere other than the ASF (e.g. your favourite Linux distribution)
then all bets are off and you'll need to refer to their documentation so
see what the default behaviour is.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org