Re: Tomcat proxy configuration for serverside http requests
Dale Ogilvie wrote: Hi, Weird issue, perhaps someone can explain how this might be happening from a tomcat perspective... I have some CXF generated web service client code that calls a web service that operates on an IP whitelist. If I run this code from the shell as the tomcat owner user apache_tomcat on the app server (RHEL6) the webservice reports that the client ip is the app server. This is as expected, it is making a direct http connection to the web service. If I wrap this exact same code in a jsp and deploy it to tomcat 7.0.20 on the app server, where tomcat is running as user apache_tomcat, the client ip is reported as one of our internal proxy servers. This should not be happening. There are no http_proxy environment variables set for either apache_tomcat or root. The tomcat jvm has no -Dhttp.proxy settings. But, it seems that the code running in tomcat is pulling a proxy definition from somewhere. Any ideas where this proxy is coming from? We can't find anything at all on the OS. Is tomcat or java itself proactively searching for available proxies? The only way to get the behaviour we want is to use -Dhttp.proxy and -DnonProxyHosts statements on the tomcat jvm command line. If we do this, we can at least get a proxy on the same continent J Just to complete your report : - is the JVM used in both cases exactly the same ? - are either one of the Tomcats (or both) using the native APR library ? (although I have no idea really if this is relevant or not when a webapp makes its own connections) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat proxy configuration for serverside http requests
On 12/12/2011 09:56, André Warnier wrote: Dale Ogilvie wrote: Hi, Weird issue, perhaps someone can explain how this might be happening from a tomcat perspective... I have some CXF generated web service client code that calls a web service that operates on an IP whitelist. If I run this code from the shell as the tomcat owner user apache_tomcat on the app server (RHEL6) the webservice reports that the client ip is the app server. This is as expected, it is making a direct http connection to the web service. If I wrap this exact same code in a jsp and deploy it to tomcat 7.0.20 on the app server, where tomcat is running as user apache_tomcat, the client ip is reported as one of our internal proxy servers. This should not be happening. There are no http_proxy environment variables set for either apache_tomcat or root. The tomcat jvm has no -Dhttp.proxy settings. But, it seems that the code running in tomcat is pulling a proxy definition from somewhere. Any ideas where this proxy is coming from? We can't find anything at all on the OS. Is tomcat or java itself proactively searching for available proxies? The only way to get the behaviour we want is to use -Dhttp.proxy and -DnonProxyHosts statements on the tomcat jvm command line. If we do this, we can at least get a proxy on the same continent J Just to complete your report : - is the JVM used in both cases exactly the same ? - are either one of the Tomcats (or both) using the native APR library ? (although I have no idea really if this is relevant or not when a webapp makes its own connections) Could the app contain code which uses a specific proxy? p -- [key:62590808] signature.asc Description: OpenPGP digital signature
RE: Tomcat proxy configuration for serverside http requests
André Warnier wrote: Just to complete your report : - is the JVM used in both cases exactly the same ? - are either one of the Tomcats (or both) using the native APR library ? (although I have no idea really if this is relevant or not when a webapp makes its own connections) Could the app contain code which uses a specific proxy? p The same Sun 1.6.29 jvm is being used in both instances, and native APR is not involved here. I don't believe app code is to blame as the proxy chosen is not a normal one for our environments. It looks more like it is being discovered to me. I have used CXF code to specifically set the proxy, and nonProxyHosts. If I do this, if the web service host defined in nonProxyHosts it will fall back through the alien proxy. i.e. For Tomcat: 1. No known proxy set: Client IP at the web service appears as proxy A 2. CXF code to set to Proxy B: Client IP is proxy B 3. CXF code to set to Proxy B and App Server hostname in nonProxyhosts: Client IP is proxy A 4. Tomcat jvm -Dhttp.proxy=proxyA and -Dhttp.nonProxyHosts=appserver: Client IP is app server (desired outcome) Whereas the same code running on the console as the tomcat user never uses proxy A, unless specifically asked to in CXF code. I would like to know where that proxy is coming from. Dale - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org