You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Dhanushka Parakrama <pa...@gmail.com> on 2016/02/15 13:03:54 UTC
Block urls using X-forwaed-for
Hi Guys
I have a Tomcat instance behind the load balancer (LB) , LB will pass the
client ip address to backed tomcat instance using *X-forward-for* header .
I basically want to filter user traffic based on the *X-forwaed-for* header
in tomcat instance
i have configured the following filter in tomcat , but it not working
<filter>
<filter-name>Remote Address Filter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
<init-param>
<param-name>allow</param-name>
<param-value>localhost|205\.97\.96\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Remote Address Filter</filter-name>
<url-pattern>/mgt/*</url-pattern>
</filter-mapping>
Do you guys have any advice how to achieve it .
Thank You
Dhanushka
Re: Block urls using X-forwaed-for
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dhanushka,
On 2/15/16 7:03 AM, Dhanushka Parakrama wrote:
> I have a Tomcat instance behind the load balancer (LB) , LB will
> pass the client ip address to backed tomcat instance using
> *X-forward-for* header .
Note that the HTTP header is actually "X-Forwarded-For", not
"X-Forward-For".
> I basically want to filter user traffic based on the
> *X-forward-for* header in tomcat instance.
>
> i have configured the following filter in tomcat , but it not
> working
>
>
> <filter> <filter-name>Remote Address Filter</filter-name>
> <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class
>
>
>
<init-param>
> <param-name>allow</param-name>
>
> <param-value>localhost|205\.97\.96\.\d+|::1|0:0:0:0:0:0:0:1</param-val
ue>
>
>
</init-param>
> </filter>
>
> <filter-mapping> <filter-name>Remote Address Filter</filter-name>
> <url-pattern>/mgt/*</url-pattern> </filter-mapping>
>
> Do you guys have any advice how to achieve it .
I think you are trying to do the following:
https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#Advanced_con
figuration_with_internal_proxies
You haven't specified the filter's init-param names correctly.
Double-check your configuration and try again.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlbB6QIACgkQ9CaO5/Lv0PBHugCfTTH3/A7ZTiZOf0fIQODOEnpy
Rc4AoMLmT8H/44+0/mlntHpT3ogaQXVy
=+JVs
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Block urls using X-forwaed-for
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Dave,
On 2/15/16 12:31 PM, Dave Fisher wrote:
> You can take the source code for RemoteIPFilter and have it look at the X-Forwarded-For header.
>
> Even better offer a patch to RemoteIPFilter to allow the header field name to be configured.
>
> You are not the only one with this use case.
Even better, just read the documentation. No patch is required, and
anyone with this use case can use the out-of-the-box component.
http://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#Remote_IP_Filter/Initialisation_parameters
-chris
>> On Feb 15, 2016, at 7:07 AM, André Warnier (tomcat) <aw...@ice-sa.com> wrote:
>>
>>> On 15.02.2016 13:03, Dhanushka Parakrama wrote:
>>> Hi Guys
>>>
>>> I have a Tomcat instance behind the load balancer (LB) , LB will pass the
>>> client ip address to backed tomcat instance using *X-forward-for* header .
>>>
>>> I basically want to filter user traffic based on the *X-forwaed-for* header
>>> in tomcat instance
>>>
>>> i have configured the following filter in tomcat , but it not working
>>>
>>>
>>> <filter>
>>> <filter-name>Remote Address Filter</filter-name>
>>> <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
>>> <init-param>
>>> <param-name>allow</param-name>
>>>
>>> <param-value>localhost|205\.97\.96\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
>>> </init-param>
>>> </filter>
>>>
>>> <filter-mapping>
>>> <filter-name>Remote Address Filter</filter-name>
>>> <url-pattern>/mgt/*</url-pattern>
>>> </filter-mapping>
>>>
>>>
>>> Do you guys have any advice how to achieve it .
>>
>> Maybe have a look at : http://tuckey.org/urlrewrite/ ?
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Block urls using X-forwaed-for
Posted by Dave Fisher <da...@comcast.net>.
You can take the source code for RemoteIPFilter and have it look at the X-Forwarded-For header.
Even better offer a patch to RemoteIPFilter to allow the header field name to be configured.
You are not the only one with this use case.
Regards,
Dave
Sent from my iPhone
> On Feb 15, 2016, at 7:07 AM, André Warnier (tomcat) <aw...@ice-sa.com> wrote:
>
>> On 15.02.2016 13:03, Dhanushka Parakrama wrote:
>> Hi Guys
>>
>> I have a Tomcat instance behind the load balancer (LB) , LB will pass the
>> client ip address to backed tomcat instance using *X-forward-for* header .
>>
>> I basically want to filter user traffic based on the *X-forwaed-for* header
>> in tomcat instance
>>
>> i have configured the following filter in tomcat , but it not working
>>
>>
>> <filter>
>> <filter-name>Remote Address Filter</filter-name>
>> <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
>> <init-param>
>> <param-name>allow</param-name>
>>
>> <param-value>localhost|205\.97\.96\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
>> </init-param>
>> </filter>
>>
>> <filter-mapping>
>> <filter-name>Remote Address Filter</filter-name>
>> <url-pattern>/mgt/*</url-pattern>
>> </filter-mapping>
>>
>>
>> Do you guys have any advice how to achieve it .
>
> Maybe have a look at : http://tuckey.org/urlrewrite/ ?
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Block urls using X-forwaed-for
Posted by "André Warnier (tomcat)" <aw...@ice-sa.com>.
On 15.02.2016 13:03, Dhanushka Parakrama wrote:
> Hi Guys
>
> I have a Tomcat instance behind the load balancer (LB) , LB will pass the
> client ip address to backed tomcat instance using *X-forward-for* header .
>
> I basically want to filter user traffic based on the *X-forwaed-for* header
> in tomcat instance
>
> i have configured the following filter in tomcat , but it not working
>
>
> <filter>
> <filter-name>Remote Address Filter</filter-name>
> <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
> <init-param>
> <param-name>allow</param-name>
>
> <param-value>localhost|205\.97\.96\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
> </init-param>
> </filter>
>
> <filter-mapping>
> <filter-name>Remote Address Filter</filter-name>
> <url-pattern>/mgt/*</url-pattern>
> </filter-mapping>
>
>
> Do you guys have any advice how to achieve it .
>
Maybe have a look at : http://tuckey.org/urlrewrite/ ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org