Re: org.apache.catalina.valves.RemoteHostValve issue
On the tomcat-user list (http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg158910.html): Re: org.apache.catalina.valves.RemoteHostValve issue Mark Thomas Tue, 20 Sep 2005 14:09:45 -0700 Tony Tomcat wrote: > ok. got off my lazy butt and looked at the code. RemoteHostValve > uses request.getRequest().getRemoteHost() so just the javadoc > needs updating for RemoteHostValve.java. I'm sure this was just a > copy of RemoteAddrValve. ;-) Looks like it. I have just committed a fix to CVS. > Now i just need to figure out how to configure my tomcat to return > values for getRemoteHost calls. http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html Look for enableLookups Mark I have been trying to do this, namely, use a RemoteHostValve to restrict Tomcat to accept connections from only certain hosts. My looks like this: allow="localhost,massah,massah\.sil\.org,massah\.dallas\.sil\.org,isaiah\.wycliffe\.org,it-huttar1\.sil\.org,it-huttar-d820\.sil\.org"/> I also put enableLookups="true" in my connector, as instructed by the documentation link you gave: But Tomcat forbids me to connect, even from localhost. (Localhost is massah.dallas.sil.org.) Earlier I tried the RemoteAddrValve with IP addresses, and was able to get it to work fine. However that won't meet our needs very well, as our various dev machines change IP addresses now and then. Any ideas? Can I somehow trace what hostname Tomcat thinks the request is coming from? I turned on allowTrace in the http connector, as you can see, but I can't find a log file that traces connection attempts. I've looked in all those in Tomcat 5.5\logs. If it matters, I'm on a Windows 2000 Server machine, and running Cocoon as the servlet. I'm running Tomcat 5.5.9. Thanks for your help, Lars - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: org.apache.catalina.valves.RemoteHostValve issue
Hi Lars, my guess is that it looks at 127.0.0.1, so adding 127\.0\.0\.1 to the list would solve it or, you can add enableLookups="true" to your element, although, I'm not sure why it just wouldn't look at the Host header Filip Lars Huttar wrote: On the tomcat-user list (http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg158910.html): Re: org.apache.catalina.valves.RemoteHostValve issue Mark Thomas Tue, 20 Sep 2005 14:09:45 -0700 Tony Tomcat wrote: > ok. got off my lazy butt and looked at the code. RemoteHostValve > uses request.getRequest().getRemoteHost() so just the javadoc > needs updating for RemoteHostValve.java. I'm sure this was just a > copy of RemoteAddrValve. ;-) Looks like it. I have just committed a fix to CVS. > Now i just need to figure out how to configure my tomcat to return > values for getRemoteHost calls. http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html Look for enableLookups Mark I have been trying to do this, namely, use a RemoteHostValve to restrict Tomcat to accept connections from only certain hosts. My looks like this: className="org.apache.catalina.valves.RemoteHostValve" allow="localhost,massah,massah\.sil\.org,massah\.dallas\.sil\.org,isaiah\.wycliffe\.org,it-huttar1\.sil\.org,it-huttar-d820\.sil\.org"/> I also put enableLookups="true" in my connector, as instructed by the documentation link you gave: maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="true" redirectPort="8443" acceptCount="100" connectionTimeout="2" disableUploadTimeout="true" allowTrace="true"/> But Tomcat forbids me to connect, even from localhost. (Localhost is massah.dallas.sil.org.) Earlier I tried the RemoteAddrValve with IP addresses, and was able to get it to work fine. However that won't meet our needs very well, as our various dev machines change IP addresses now and then. Any ideas? Can I somehow trace what hostname Tomcat thinks the request is coming from? I turned on allowTrace in the http connector, as you can see, but I can't find a log file that traces connection attempts. I've looked in all those in Tomcat 5.5\logs. If it matters, I'm on a Windows 2000 Server machine, and running Cocoon as the servlet. I'm running Tomcat 5.5.9. Thanks for your help, Lars - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Filip Hanik
Re: org.apache.catalina.valves.RemoteHostValve issue
Filip Hanik - Dev Lists wrote: Hi Lars, my guess is that it looks at 127.0.0.1, so adding 127\.0\.0\.1 to the list would solve it That worked! Thank you! The weird thing is, for other client machines, the hostname works. But for localhost, only the IP address works, even though I'm using RemoteHostValve instead of RemoteAddrValve. or, you can add enableLookups="true" to your element, It's already there. although, I'm not sure why it just wouldn't look at the Host header Filip Thanks again! Lars Lars Huttar wrote: On the tomcat-user list (http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg158910.html): Re: org.apache.catalina.valves.RemoteHostValve issue Mark Thomas Tue, 20 Sep 2005 14:09:45 -0700 Tony Tomcat wrote: > ok. got off my lazy butt and looked at the code. RemoteHostValve > uses request.getRequest().getRemoteHost() so just the javadoc > needs updating for RemoteHostValve.java. I'm sure this was just a > copy of RemoteAddrValve. ;-) Looks like it. I have just committed a fix to CVS. > Now i just need to figure out how to configure my tomcat to return > values for getRemoteHost calls. http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html Look for enableLookups Mark I have been trying to do this, namely, use a RemoteHostValve to restrict Tomcat to accept connections from only certain hosts. My looks like this: allow="localhost,massah,massah\.sil\.org,massah\.dallas\.sil\.org,isaiah\.wycliffe\.org,it-huttar1\.sil\.org,it-huttar-d820\.sil\.org"/> I also put enableLookups="true" in my connector, as instructed by the documentation link you gave: But Tomcat forbids me to connect, even from localhost. (Localhost is massah.dallas.sil.org.) Earlier I tried the RemoteAddrValve with IP addresses, and was able to get it to work fine. However that won't meet our needs very well, as our various dev machines change IP addresses now and then. Any ideas? Can I somehow trace what hostname Tomcat thinks the request is coming from? I turned on allowTrace in the http connector, as you can see, but I can't find a log file that traces connection attempts. I've looked in all those in Tomcat 5.5\logs. If it matters, I'm on a Windows 2000 Server machine, and running Cocoon as the servlet. I'm running Tomcat 5.5.9. Thanks for your help, Lars - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]