Re: Tomcat 8 : Shared loader

2016-06-15 Thread Amit Pande
On 15/06/16 4:06 pm, "Mark Thomas" <ma...@apache.org> wrote: >On 15/06/2016 11:00, Amit Pande wrote: >> We develop multiple web application which happen to share the same >>stack (Spring, Hibernate,etc). >> >> Thinking of sharing these third party lib

Tomcat 8 : Shared loader

2016-06-15 Thread Amit Pande
We develop multiple web application which happen to share the same stack (Spring, Hibernate,etc). Thinking of sharing these third party libraries instead of duplicating in each web app war. IIUC, putting those in Tomcat (8)'s lib folder might cause issues since the classes in there are loaded

Re: Tomcat 8 : Shared loader

2016-06-15 Thread Amit Pande
Thanks a lot, Lulseged for your inputs. With this approach, did you see any apparent issues / precautions that we should be aware of ? Thanks, Amit On 15/06/16 3:54 pm, "Lulseged Zerfu" wrote: >It should be shared.loader: >shared.loader="${catalina.base}/shared" > >>

Re: Tomcat 8 : Shared loader

2016-06-15 Thread Amit Pande
Thank you Mark for your valuable inputs. They are indeed a great help. Thanks, Amit On 15/06/16 7:00 pm, "Mark Thomas" <ma...@apache.org> wrote: >On 15/06/2016 12:03, Amit Pande wrote: >> >> >> On 15/06/16 4:06 pm, "Mark Thomas" <ma...@ap

Re: Tomcat 8.0 : Custom server.xml path

2016-07-12 Thread Amit Pande
Any thoughts on this ? On 11/07/16 1:15 pm, "Amit Pande" <amit.pa...@veritas.com> wrote: >Hello all, > > >We have a custom cluster deployment scenario which requires to put config >files on a shared disk. > >With reference to above requirement, we need t

Re: Custom Key Manager

2016-07-27 Thread Amit Pande
Any pointers here, experts ? On 26/07/16 2:29 pm, "Amit Pande" <amit.pa...@veritas.com> wrote: > >In Tomcat (7.x+), there is a provision to hook in a custom implementation >for trust manager by mentioning class name in connector's >trustManagerClassName attribu

Re: Custom Key Manager

2016-07-31 Thread Amit Pande
Thanks a lot Chris, will do that. Appreciate your help. Thanks, Amit On 31/07/16 6:37 pm, "Christopher Schultz" <ch...@christopherschultz.net> wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA1 > >Amit, > >On 7/26/16 4:59 AM, Amit Pande wrote: >> &

Re: Using JMX to get ONLY running applications

2016-07-13 Thread Amit Pande
] org.apache.catalina.core.StandardContext.loadOnStartup Servlet [dispatcher] in web application [/testApp] threw load() exception I still see state for testApp as "STARTED". How can I accurately know if the application is started without any errors ? Appreciate your help. Thanks, Amit

Re: Using JMX to get ONLY running applications

2016-07-13 Thread Amit Pande
. Unless asked here, I would have never known the "shared" loader is still supported (and undocumented) in latest releases. Same is true with attributes associated with Tomcat Mbeans. Thanks, Amit On 14/07/16 2:18 am, "Mark Thomas" <ma...@apache.org> wrote: >On 13/07/2016 12:1

Re: Using JMX to get ONLY running applications

2016-07-13 Thread Amit Pande
to be the case. I even checked the SERVLET Mbean as well did not see the expected state. Is there anything wrong that I am doing ? Is this a BUG ? Using Tomcat 8.0.30. Thanks, Amit On 13/07/16 1:05 pm, "Amit Pande" <amit.pa...@veritas.com> wrote: >I managed to use jCOnsole a

Using JMX to get ONLY running applications

2016-07-12 Thread Amit Pande
Hello all, I see there are JMX APIs to get the web applications currently deployed in Tomcat. However, I see that even if the applications are failed to deploy, they still get listed. Is there any way to get ONLY deployed and RUNNING applications ? Below is sample snippet which gives all the

Remote Address/Host Filter per connector ..

2016-07-07 Thread Amit Pande
Hello all, In my server.xml, within a single Service element, I have two HTTP connectors defined listening on two different ports (12345 & 54321 for example). Is it possible to apply the remote address/host filter so that requests to one of the ports (12345) are allowed only via localhost ?

Tomcat 8.0 : Custom server.xml path

2016-07-11 Thread Amit Pande
Hello all, We have a custom cluster deployment scenario which requires to put config files on a shared disk. With reference to above requirement, we need to put server.xml (and possibly other files from TOMCAT_DIR\conf) on the shared disk. Is there any way to do this ? Possible to do in

Re: Remote Address/Host Filter per connector ..

2016-07-07 Thread Amit Pande
ports , but I want to configure connecting to my web app using one of it via only the localhost and thus I wanted to set appropriate remote address filters. Thanks, Amit On 07/07/16 4:05 pm, "André Warnier (tomcat)" <a...@ice-sa.com> wrote: >On 07.07.2016 11:57, Amit Pande

Re: JIO Connector support in Tomcat 8.5

2017-02-20 Thread Amit Pande
instead of private. Appreciate your thoughts. Thanks, Amit On 2/16/17, 11:48 AM, "Christopher Schultz" <ch...@christopherschultz.net> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Amit, On 2/13/17 8:19 PM, Amit Pande wrote: > Thank

Tomcat 8.5 : Jasper errors

2017-02-25 Thread Amit Pande
When upgraded from Tomcat 8.0.x to 8.5.x, while building our custom tags, the build is failing with below stack trace. The exception file not found does not give any clue on what’s the problem with the custom tag definition. I tried setting verbose attribute in jspc ant task as well as tried

JIO Connector support in Tomcat 8.5

2017-02-13 Thread Amit Pande
As I understand, the JIO/BIO connector support has been dropped in Tomcat 8.5 +. While I understand the need to push to the NIO based connectors, just wondering whether the JIO connector support could have been left as it in Tomcat 8.5 and beyond. We had extended the BIO connector to have a

Re: JIO Connector support in Tomcat 8.5

2017-02-13 Thread Amit Pande
Original Message Subject: Re: JIO Connector support in Tomcat 8.5 From: Christopher Schultz <ch...@christopherschultz.net> Date: Feb 13, 2017, 18:58 To: Tomcat Users List <users@tomcat.apache.org> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Amit, On 2/13/17 6:55 PM

Re: JIO Connector support in Tomcat 8.5

2017-02-14 Thread Amit Pande
Any suggestions on this? Could the Tomcat NIO connector be modified to receive the file descriptor from the other process ( mentioned below)? Thanks, Amit Original Message Subject: Re: JIO Connector support in Tomcat 8.5 From: Amit Pande <amit.pa...@veritas.com> Dat

Re: Tomcat 8.5 : Jasper errors

2017-02-27 Thread Amit Pande
) The jasper ant task is as follows -→ (This directory has the above mentioned jar file) On 2/25/17, 7:32 AM, "Amit Pande" <amit.pa...@verit

Tomcat as Windows Service

2016-09-07 Thread Amit Pande
Hello experts, We have configured the Tomcat to run as a Windows Service. And Windows SCM has a default time of 30 seconds, but the Tomcat process does not start/stop within this time. So, if we restart the service via SCM, we receive the Address in Use exceptions (as previous Tomcat process

Threadlocal leaks while Tomcat shutdown

2016-09-17 Thread Amit Pande
This might not be the right forum to ask this question. Yet wanted to know if anyone faced this issue. Our application uses Jacorb library to talk to legacy daemons over CORBA. However while stopping the Tomcat, observing following errors. They are from the jacrob.jar ..but not sure how to prevent

Bug 45014 - Request and Response classes should have wrappers for use in Valves

2017-10-05 Thread Amit Pande
https://bz.apache.org/bugzilla/show_bug.cgi?id=45014 Any plans/thoughts on merging Chris' mod in Tomcat 9.x branch? It is really a nice to have built in support for Valves to have wrapper classes for Request and Response. We also had a requirement to read the request payload at a valve level

Using CLIENT-CERT

2018-04-08 Thread Amit Pande
I am trying to set up Tomcat (8.5.28) and the web-app correctly in order to get the mutual authentication (using client certificates) done but only for some resources and not all. For instance, I have an “authenticate” API for which I want to enable the client certificate authentication. So, I

Re: [EXTERNAL] Using CLIENT-CERT

2018-04-09 Thread Amit Pande
d resource? Appreciate your inputs. On 4/8/18, 6:44 PM, "Amit Pande" <amit.pa...@veritas.com> wrote: I am trying to setup Tomcat (8.5.28) and the web-app correctly in order to get the mutual authentication (using client certificates) done but only for some recours

Re: [EXTERNAL] Using CLIENT-CERT

2018-04-11 Thread Amit Pande
Thank you so much Chris and Mark! Sincerely appreciate the inputs. Sent from my iPhone > On Apr 11, 2018, at 8:16 AM, Christopher Schultz > <ch...@christopherschultz.net> wrote: > > Mark and Amit, > >> On 4/10/18 2:21 AM, Mark Thomas wrote: >>> On 9

Hostnames with underscores

2018-10-26 Thread Amit Pande
Hello all, Recent Tomcat versions (8.5.32 I think) have made a stricter validation for hostnames with underscores in them. (https://bz.apache.org/bugzilla/show_bug.cgi?id=62371) This is understandably for addressing security issues (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816)

Re: [EXTERNAL] Re: Tomcat custom location for configuration

2018-10-26 Thread Amit Pande
cleaned up in next Tomcat release(s), right? Thanks, Amit On 10/4/18, 12:15 PM, "Christopher Schultz" wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Amit, On 10/4/18 12:17, Amit Pande wrote: > Thanks! I will take a detailed relook at using CATALINA_

Re: [EXTERNAL] Re: Hostnames with underscores

2018-10-26 Thread Amit Pande
erscore too. Thanks, Amit On Oct 26, 2018, at 12:02 PM, M. Manna <manme...@gmail.com> wrote: Have you checked the connector config doc for relaxedPathChars and relaxedQueryChars? On Fri, 26 Oct 2018 at 18:00, Amit Pande <amit.pa...@veritas.com> wrote: Hello all,

Re: [EXTERNAL] Re: Request header too large..

2018-11-02 Thread Amit Pande
Thanks Chris. Yes, I will soon send out the patch for review. Thanks, Amit On 11/2/18, 5:25 PM, "Christopher Schultz" wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Amit, On 11/2/18 17:16, Amit Pande wrote: > As per current implementation (

Re: [EXTERNAL] Re: Request header too large..

2018-11-05 Thread Amit Pande
the documentation be made more elaborate? Can we mention that this attribute puts the upper bound on combined size of all request headers and the request line? Thanks, Amit On 11/3/18, 4:39 AM, "Mark Thomas" wrote: On 03/11/2018 01:35, Amit Pande wrote: > Thanks Chris. Yes, I will

Request header too large..

2018-11-02 Thread Amit Pande
As per current implementation (below snippet is from 8.5.28), if the request header is too large (by default >8K, the default maxHttpHeaderSize), is thrown below error message is seen. For request -- 02-Nov-2018 15:15:47.649 INFO [catalina-exec-40]

Re: [EXTERNAL] Re: Tomcat custom location for configuration

2018-10-04 Thread Amit Pande
4/18, 8:38 AM, "Mark Thomas" wrote: On 03/10/18 17:18, Amit Pande wrote: > Thank you so much, Mark! > > In our case, the server.xml contains some information which is generated run time (pre-config before Tomcat is started) like the paths to key sto

Re: [EXTERNAL] Re: Tomcat custom location for configuration

2018-10-03 Thread Amit Pande
, Amit On 10/3/18, 10:16 AM, "Mark Thomas" wrote: On 02/10/18 17:41, Amit Pande wrote: > Hello SMEs, > > I am looking at Tomcat documentation to see if there is a way to move the “/conf” to a custom location and use this path while running the startup/shutdown sc

Tomcat custom location for configuration

2018-10-02 Thread Amit Pande
Hello SMEs, I am looking at Tomcat documentation to see if there is a way to move the “/conf” to a custom location and use this path while running the startup/shutdown scripts. I have looked at the

Re: [EXTERNAL] [SECURITY] CVE-2019-10072 Apache Tomcat HTTP/2 DoS

2019-06-20 Thread Amit Pande
Could you please clarify: Affected versions 8.5.0 to 8.5.40 Mitigation says: 8.5.40 or later What am I missing? > On Jun 20, 2019, at 2:25 PM, Mark Thomas wrote: > > CVE-2019-10072 Apache Tomcat HTTP/2 DoS > > Severity: Important > > Vendor: The Apache Software Foundation > > Versions

Query regarding bindOnInit default value..

2020-03-29 Thread Amit Pande
Hello all, I was exploring Tomcat configuration which doesn't accept requests until the web application is deployed. "bindOnInit" connector attributes when set to false, makes socket bind when the connector starts and not when the connector is initialized. Wanted to know, why the default

Re: [EXTERNAL] Re: Query regarding bindOnInit default value..

2020-03-29 Thread Amit Pande
Thanks for the inputs, Mark. Thanks, Amit > On Mar 29, 2020, at 5:06 PM, Mark Thomas wrote: > > On 29/03/2020 08:11, Amit Pande wrote: >> Hello all, >> >> I was exploring Tomcat configuration which doesn't accept requests until the >> web application is

RE: [EXTERNAL] Re: Uploads breaking post upgrade to 9.0.31

2020-03-17 Thread Amit Pande
Using Tomcat 9.0.31. When using large JSON payload (little less than 2 MB) for POST requests, randomly (all random failures seen are on Windows and not on *ix), we are seeing: JSON parse error: Unexpected end-of-input in VALUE_STRING; nested exception is

RE: [EXTERNAL] Re: Uploads breaking post upgrade to 9.0.31

2020-03-18 Thread Amit Pande
/2020 17:56, Amit Pande wrote: > Using Tomcat 9.0.31. > > When using large JSON payload (little less than 2 MB) for POST requests, randomly (all random failures seen are on Windows and not on *ix), we are seeing: > > JSON parse error: Unexpected end-of-input in VALUE_STRING; n

Embedded vs Standalone Tomcat

2020-10-16 Thread Amit Pande
My apologies in advance if this has been already discussed in the group. I am looking for experiences of the community, any nitpicks, etc. Currently we are using standalone Tomcat version (9.x) to host a web applications which are essentially hosting REST APIs. We plan to move to micro services

Re: [EXTERNAL] Re: Embedded vs Standalone Tomcat

2020-10-20 Thread Amit Pande
Thank you so much Igal for the inputs. Thanks, Amit Thanks, Amit From: Igal Sapir Sent: Sunday, October 18, 2020 11:36:22 AM To: Tomcat Users List Subject: [EXTERNAL] Re: Embedded vs Standalone Tomcat Amit, On Fri, Oct 16, 2020 at 8:32 AM Amit Pande wrote

Enabling FIPS for Tomcat

2020-09-29 Thread Amit Pande
Dear all, The link below documents how to enable FIPS (using Bouncy Castle) for Tomcat. https://github.com/amitlpande/tomcat-9-fips Kindly let me know your inputs if this needs any corrections, enhancements. Also, a request to Tomcat leads: It is possible for these steps to be part of

RE: [EXTERNAL] Re: Enabling FIPS for Tomcat

2020-09-30 Thread Amit Pande
: Enabling FIPS for Tomcat On 29/09/2020 16:25, Amit Pande wrote: > Dear all, > > The link below documents how to enable FIPS (using Bouncy Castle) for Tomcat. > > https://github.com/amitlpande/tomcat-9-fips > > Kindly let me know your inputs if this needs any corrections, en

Ensuring clean Tomcat shutdown

2020-06-06 Thread Amit Pande
When the application does not clean up the resources, during shutdown, we see WARNINGs in Catalina logs: "WARNING [Catalina-utility-21] org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The web application [AAA] appears to have started a thread named [BBB] but has failed

Mitigating slow HTTP headers vulnerability

2020-06-09 Thread Amit Pande
(My apologies if this has been discussed already.) Slow HTTP headers vulnerability was reported by scanner tool, on Tomcat 8.5.54. There might be not any perfect solution to address this issue, but wanted to understand some of the best practices to mitigate this vulnerability.

RE: [EXTERNAL] Re: Ensuring clean Tomcat shutdown

2020-06-08 Thread Amit Pande
nServer = Registry.getRegistry(null, null).getMBeanServer(); Set objectNames = mBeanServer.queryNames(new ObjectName(ALL_WEB_MODULES_QRY), null); On Sun, 7 Jun 2020 at 3:50, Amit Pande () wrote: > When the application does not clean up the resources, during shutdown, > we see WAR

RE: [EXTERNAL] Re: Bouncy Castle FIPS on RHEL 7.3

2020-11-30 Thread Amit Pande
- From: Christopher Schultz Sent: Wednesday, November 25, 2020 9:42 PM To: users@tomcat.apache.org Subject: Re: [EXTERNAL] Re: Bouncy Castle FIPS on RHEL 7.3 Amit, On 11/25/20 12:40, Amit Pande wrote: > Thank you Chris for the inputs. Admittedly, I didn’t know the internals of > Sun JCE/JSSE

RE: [EXTERNAL] Re: Bouncy Castle FIPS on RHEL 7.3

2020-11-25 Thread Amit Pande
25, 2020 10:33 AM To: users@tomcat.apache.org Subject: [EXTERNAL] Re: Bouncy Castle FIPS on RHEL 7.3 Amit, On 11/24/20 11:21, Amit Pande wrote: > Probably not directly related to Tomcat but still sharing. Advanced > apologies for that. > > I am using bouncy castle FIPS library and observ

Bouncy Castle FIPS on RHEL 7.3

2020-11-24 Thread Amit Pande
Probably not directly related to Tomcat but still sharing. Advanced apologies for that. I am using bouncy castle FIPS library and observed that specifically on RHEL 7.3, the library usage is causing tremendous slowness. e.g. below key tool command taking several minutes to finish. keytool

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

2020-11-24 Thread Amit Pande
multiple reasons. >>> >>> Are there any other dependencies Tomcat has on the underlying stack, >>> besides that provided by a Java crypto provider like BC-FIPS, having >>> a bearing on FIPS compliance? >>> >&g

RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

2020-12-09 Thread Amit Pande
Thank you George for letting us know on -Dorg.bouncycastle.rsa.allow_multi_use=true" JVM option. Will explore this further and update the document (https://github.com/amitlpande/tomcat-9-fips/blob/master/README.md) appropriately. Albeit reluctantly, we have given in to use BCFIPS (over

RE: [EXTERNAL] Re: Bouncy Castle FIPS on RHEL 7.3

2020-12-09 Thread Amit Pande
To: users@tomcat.apache.org Subject: Re: [EXTERNAL] Re: Bouncy Castle FIPS on RHEL 7.3 Stefan, On 11/30/20 19:17, Stefan Mayr wrote: > Hi, > > On 30.11.2020 at 17:09, Amit Pande wrote: >> I guess I will have to investigate the RHEL 7.3 entropy issue separately >> (poss

RE: [OT] web app big memory usage?

2021-05-27 Thread Amit Pande
Have you enabled the " Enable 'keep unreachable objects'" setting of MAT? https://blog.gceasy.io/2015/12/11/eclipse-mat-titbits/ Thanks, Amit -Original Message- From: Berneburg, Cris J. - US Sent: Thursday, May 27, 2021 2:24 PM To: users@tomcat.apache.org Subject: [EXTERNAL] [OT]

RE: [External] Re: Supporting Proxy Protocol in Tomcat

2023-09-05 Thread Amit Pande
e original patch you liked/didn't like? ( https://bz.apache.org/bugzilla/show_bug.cgi?id=57830) Thank you, On Tue, Aug 29, 2023 at 3:13 PM Mark Thomas wrote: > On 28/08/2023 18:44, Amit Pande wrote: > > Oh, sure. So, what would be the best way to get some conclusion on > > this >

RE: [External] Re: Supporting Proxy Protocol in Tomcat

2023-08-28 Thread Amit Pande
28 Aug 2023 17:11:20 Amit Pande : > Mark, > > Just checking - Did this issue get discussed in any of the core > members' meeting? There are no such meetings. Discussion happens on the mailing

RE: [External] Re: Supporting Proxy Protocol in Tomcat

2023-08-28 Thread Amit Pande
Mark, Just checking - Did this issue get discussed in any of the core members' meeting? Thanks, Amit -Original Message- From: Amit Pande Sent: Monday, July 31, 2023 9:29 AM To: Tomcat Users List Subject: RE: [External] Re: Supporting Proxy Protocol in Tomcat Yes, understood. Thank

RE: [External] Re: Java 9+ and custom JCE/JSSE providers

2023-11-01 Thread Amit Pande
On 31/10/2023 14:22, Amit Pande wrote

RE: [External] Re: Java 9+ and custom JCE/JSSE providers

2023-11-01 Thread Amit Pande
On 31/10/2023 14:22, Amit Pande wrote: > Hello, > > I am in the process of

FIPS Configuration for Java 11/17 and Tomcat 9

2023-11-02 Thread Amit Pande
Please refer to the link below in case you are interested in configuring FIPS for Tomcat 9 running on Java 17. https://github.com/amitlpande/tomcat-9-fips/wiki/Java-11-17-Tomcat-9-FIPS-Configuration-Using-Bouncy-Castle I have tested steps for Java 11 and even Java 8 too. But there are different

RE: [External] RE: Java 9+ and custom JCE/JSSE providers

2023-11-02 Thread Amit Pande
y.properties=file:/path/to/java_security_properties_file That "file:" prefix looks like Spring syntax. Is the prefix needed on the JVM command line? -- Cris Berneburg CACI Senior Software Engineer -Original Message- From: Amit Pande Sent: Tuesday, October 31, 2023 10:23 AM To: Tomcat Users

Java 9+ and custom JCE/JSSE providers

2023-10-31 Thread Amit Pande
Hello, I am in the process of updating https://github.com/amitlpande/tomcat-9-fips page for version later than Java 8. Ran into an issue: 1. Was looking the configure the additional bouncy castle providers in the Java install itself by: * Modifying the java.security file to add

RE: [External] Re: Tomcat upgrade from 9.0.80 to 9.0.81

2023-10-10 Thread Amit Pande
Wed, 11 Oct 2023 at 02:31, Amit Pande : > > T

Tomcat upgrade from 9.0.80 to 9.0.81

2023-10-10 Thread Amit Pande
I am still investigating more but after upgrading from Tomcat 9.0.80 to 9.0.81, many of our rest assured based tests are failing with below error ... Caused by: org.apache.http.ConnectionClosedException: Premature end of Content-Length delimited message body (expected: 4,999; received: 3,040)

Re: [External] Re: Tomcat upgrade from 9.0.80 to 9.0.81

2023-10-10 Thread Amit Pande
https://bz.apache.org/bugzilla/show_bug.cgi?id=67670 Best regards, Konstantin Kolinko Wed, 11 Oct 2023 at 00:01, Amit Pande : > > I am still investigating more but after upgrading from Tomcat 9.0.80

RE: [External] Re: listening all local addresses by default is not security best practice

2023-08-25 Thread Amit Pande
On 8/6/23 13:25, Amit Pande wrote: > My apologies if I missed any conclusion here. > > From the description of address attribute on HTTP connector: > > "For servers with more than one IP address, this attribute specifies which > address will be used for listenin

RE: [External] Re: Maximum header size in Tomcat 9

2022-05-25 Thread Amit Pande
Hello Mark, Could we slightly update the description - to say that this size is total size (in bytes)of all the request (and response) headers combined (including the header name and values)? In the past, I incorrectly assumed that this size limit applies for one header value.

SSL Handshake Failure - Logging Level

2022-06-03 Thread Amit Pande
Hello, First, thank you to Mark for adding the access logs in case of SSL handshake failures (https://github.com/apache/tomcat/commit/acf6076d7118571ebc881984b96792f861b72bb2#). Really useful enhancement. On a related note, I am trying to understand if we can log the SSL handshake failure at

RE: [External] Re: Maximum header size in Tomcat 9

2022-06-03 Thread Amit Pande
Thank you, Mark! -Original Message- From: Mark Thomas Sent: Thursday, May 26, 2022 6:10 AM To: users@tomcat.apache.org Subject: Re: [External] Re: Maximum header size in Tomcat 9 On 25/05/2022 16:21, Amit Pande wrote: > Hello Mark, > > Could we slightly update the description

RE: [External] Re: SSL Handshake Failure - Logging Level

2022-06-06 Thread Amit Pande
Message- From: Mark Thomas Sent: Saturday, June 4, 2022 6:13 AM To: users@tomcat.apache.org Subject: Re: [External] Re: SSL Handshake Failure - Logging Level On 03/06/2022 21:29, Amit Pande wrote: > Thank you, Mark. > > I agree changing the log level to error could cause pro

RE: [External] Re: SSL Handshake Failure - Logging Level

2022-06-03 Thread Amit Pande
at SSL host config level in "server.xml". Thanks, Amit -Original Message- From: Mark Thomas Sent: Friday, June 3, 2022 12:24 PM To: users@tomcat.apache.org Subject: [External] Re: SSL Handshake Failure - Logging Level On 03/06/2022 15:33, Amit Pande wrote: > Hello, >

Customizing CorsFilter

2022-09-06 Thread Amit Pande
Hello all, I am currently using the Tomcat 9.0.65 (9.x) and looking at the possibility of extending the CorsFilter, specially the configuration part. I am looking at the ability to initialize the parameters of Tomcat's

RE: [External] Re: Customizing CorsFilter

2022-09-07 Thread Amit Pande
09/2022 18:42, Amit Pande wrote: >> Hello all, >> >> I am currently using the Tomcat 9.0.65 (9.x) and looking at the >> possibility of extending the >> CorsFilter<https://nam12.safelinks.protection.outlook.com/?url=https% >> 3A%2F%2Ftomcat.apache.org%2Ftomcat-

RE: [External] Re: Customizing CorsFilter

2022-09-07 Thread Amit Pande
Thank you, again! -Original Message- From: Mark Thomas Sent: Wednesday, September 7, 2022 6:31 AM To: users@tomcat.apache.org Subject: Re: [External] Re: Customizing CorsFilter On 07/09/2022 12:22, Amit Pande wrote: > Thank you, Mark! Will do some more research on this and see i

RE: [External] Re: Customizing CorsFilter

2022-09-07 Thread Amit Pande
: Re: [External] Re: Customizing CorsFilter On 07/09/2022 11:42, Amit Pande wrote: > Could you please share more details on "web.xml" changes and dynamic reload > of applications? Some documentation link or something would be helpful. I > couldn't find anything online. The docu

Rate Limiting support in Tomcat 9.x

2023-05-22 Thread Amit Pande
Hello, https://tomcat.apache.org/ I see rate limiting support added in Tomcat 10.1.9 . (Side note: The Apache Tomcat Project is proud to announce the release of version 10.1.8 of Apache Tomcat - I think it should be 10.1.9) Are there any plans to add this filter in 9.x? Could an enhancement

Re: [External] Re: Rate Limiting support in Tomcat 9.x

2023-05-24 Thread Amit Pande
21:16, Amit Pande wrote: > Hello, > > https://tomcat.apache.org/

Setting security response headers when Valve returns error..

2023-06-09 Thread Amit Pande
Hello, Wanted some inputs on setting HSTS (or other response headers) when returning error from a valve. The server.xml has the valve "org.apache.catalina.valves.RemoteAddrValve" configured with a deny status of HTTP 404. Also, the Tomcat's web.xml has

Using dedicated SSL handshake failure logger

2023-08-03 Thread Amit Pande
Hello all, Facing an odd issue with logging the SSL handshake details: I have this in my logging.properties: handlers = 1catalina.org.apache.juli.AsyncFileHandler .handlers = 1catalina.org.apache.juli.AsyncFileHandler 1catalina.org.apache.juli.AsyncFileHandler.level = FINE

RE: [External] Re: Supporting Proxy Protocol in Tomcat

2023-07-26 Thread Amit Pande
and willing to help out! On Mon, Jul 24, 2023 at 11:22 AM Amit Pande wrote: > Thank you, Chris, again for inputs. > And sorry to circle back on this, late. > > One related question is - does it make sense to use the patch attached > in > https://bz.apache.org/bugzilla/sho

RE: [External] Re: Supporting Proxy Protocol in Tomcat

2023-07-26 Thread Amit Pande
Missed to ask this: Looking the patch, it involves modifying Tomcat code. Was wondering if it would be possible to refactor this patch and/or allow Tomcat core code to extend and plug-in the proxy protocol support? Thanks, Amit -Original Message- From: Amit Pande Sent: Wednesday, July

RE: [External] Re: Supporting Proxy Protocol in Tomcat

2023-07-28 Thread Amit Pande
to parse the header >>> (reading via the read() methods on SocketWrapperBase) >>> - sets the cached values for remoteAddr, remoteHost, >>> remotePort etc >>> - The SocketProcessor.doRun() implementations add a call to this new >>> method ju

RE: [External] Re: Supporting Proxy Protocol in Tomcat

2023-07-24 Thread Amit Pande
] Re: Supporting Proxy Protocol in Tomcat Amit, On 5/10/23 12:59, Amit Pande wrote: > Yes, we intended to have Tomcat run behind a (transparent) TCP proxy e.g. > https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/other_features/ip_transparency > which supports the proxy

RE: [External] Re: Using dedicated SSL handshake failure logger

2023-08-03 Thread Amit Pande
-Original Message- From: Mark Thomas Sent: Thursday, August 3, 2023 2:14 PM To: users@tomcat.apache.org Subject: [External] Re: Using dedicated SSL handshake failure logger On 03/08/2023 16:53, Amit Pande wrote: > What am I missing in the logger configuration? Do we have to have the cons

RE: [External] Re: listening all local addresses by default is not security best practice

2023-08-06 Thread Amit Pande
My apologies if I missed any conclusion here. From the description of address attribute on HTTP connector: "For servers with more than one IP address, this attribute specifies which address will be used for listening on the specified port. By default, the connector will listen all local

RE: [External] Re: Supporting Proxy Protocol in Tomcat

2023-07-31 Thread Amit Pande
Proxy Protocol in Tomcat On 28/07/2023 19:21, Amit Pande wrote: > Thank you all for the valuable discussion on this topic. > > Is it okay to say that we're agreeing to adding proxy protocol support in > Tomcat? I think that is a little too strong. At this point there is a propo

RE: [External] Re: Supporting Proxy Protocol in Tomcat

2023-05-10 Thread Amit Pande
: Christopher Schultz Sent: Monday, May 8, 2023 3:40 PM To: users@tomcat.apache.org Subject: [External] Re: Supporting Proxy Protocol in Tomcat Amit, On 5/4/23 16:07, Amit Pande wrote: > We have a similar requirement as mentioned in the below enhancement request. > > https://bz.a/ &g

Supporting Proxy Protocol in Tomcat

2023-05-04 Thread Amit Pande
Hello, We have a similar requirement as mentioned in the below enhancement request. https://bz.apache.org/bugzilla/show_bug.cgi?id=57830 Is there any plan to add this support in Tomcat in future releases? Also, since this was requested long time back and there is no update, are there any

RE: JAVA -tomcat- Request header is too large

2023-12-12 Thread Amit Pande
, On 12/11/23 11:32, Amit Pande wrote: > Mark, Chris, > > What request ID we're referring to here? Perhaps, I missed some documentation? > > How do we enable it? Request-id is available in Tomcat 11.0 and 10.1 at the moment. Are you using either of those? I'm not seeing an

RE: JAVA -tomcat- Request header is too large

2023-12-11 Thread Amit Pande
Mark, Chris, What request ID we're referring to here? Perhaps, I missed some documentation? How do we enable it? Thanks, Amit -Original Message- From: Mark Thomas Sent: Monday, December 11, 2023 3:06 AM To: users@tomcat.apache.org Subject: Re: JAVA -tomcat- Request header is too

Regression in mutual authentication in 9.0.86+?

2024-03-14 Thread Amit Pande
Hello all, I have upgraded the Tomcat version from 9.0.85 to 9.0.86 (and tried with 9.0.87 too). Some of our tests which involve on mutual authentication ("certificateVerification = optional") have started to fail. In tests where the client does pass the certificate, I didn't see any SSL

RE: Regression in mutual authentication in 9.0.86+?

2024-03-21 Thread Amit Pande
/2024 00:48, Amit Pande wrote: > Hello all, > > I have upgraded the Tomcat version from 9.0.85 to 9.0.86 (and tried with > 9.0.87 too). > > Some of our tests which involve on mutual authentication > ("certificateVerification = optional") have started to fail. > >

Migrating from Tomcat 9.0.x to 10.1.x

2024-04-04 Thread Amit Pande
Hello, I am in the process of migrating from Tomcat 9 (9.0.87) to Tomcat 10.1 (10.1.20). https://tomcat.apache.org/migration-10.1.html Using the migration tool, I have migrated the applications (which use Spring libraries 5.x). While testing the migrated apps( which use web socket), ran into:

RE: Migrating from Tomcat 9.0.x to 10.1.x

2024-04-05 Thread Amit Pande
Amit, On 4/4/24 22:21, Amit Pande wrote: > I am in the process of migrating from Tom