Re: internalProxies regex

2018-01-18 Thread Harrie Robins
topher Schultz [mailto:ch...@christopherschultz.net] > > Sent: 09 January 2018 00:25 > > To: users@tomcat.apache.org > > Subject: Re: internalProxies regex > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > Harrie, > > >

RE: internalProxies regex

2018-01-12 Thread Harrie Robins
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Harrie, On 1/5/18 3:47 AM, Harrie Robins wrote: > our tomcat application server are fronted by 1. cloudflare, and 2. > amazon load balancer. In apache there is mod_remote IP and I can > simply put in CIDR range: https://www.cloudflar

Re: internalProxies regex

2018-01-08 Thread Harrie Robins
, Felix Schumacher mailto:felix.schumac...@internetallee.de> > wrote: On 05.01.2018 at 15:43, Harrie Robins wrote: All clear. I apologize, I was in fact not masking the backslashes, I did a wrong copy paste from the pattern I was using in my test I tested the following 2 patterns: ^103\.21\.

Re: internalProxies regex

2018-01-05 Thread Harrie Robins
> On 05.01.2018 at 09:47, Harrie Robins wrote: > >> Hi Mark, >> >> our tomcat application server are fronted by 1. cloudflare, and 2. amazon >> load balancer. >> In apache there is mod_remote IP and I can simply put in CIDR range: >> https://www.cloudflare.

Re: internalProxies regex

2018-01-05 Thread Harrie Robins
s and it works. When I set in tomcat however it does not, I have no understanding why not? Hope you understand what I am trying to do. thanks On 2 January 2018 at 19:33, Mark Thomas wrote: > On 02/01/18 09:50, Harrie Robins wrote: > > I'm still having problems with

RE: internalProxies regex

2018-01-02 Thread Harrie Robins
ist of all involved IP addresses and matched those IP addresses: java.util.regex.Matcher / java.util.regex.Pattern, please see https://pastebin.com/Lija7n9k All addresses from the list I created are matching, just not in tomcat. Regards, Harrie -Original message- From: Har

RE: internalProxies regex

2017-12-21 Thread Harrie Robins
regex 2017-12-20 11:37 GMT+03:00 Harrie Robins : > Hello everyone, > > > > I have a question about the remoteipvalve in tomcat 8.5: > https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valve > s/Remo > teIpValve.html > > > > > internalProxies

internalProxies regex

2017-12-20 Thread Harrie Robins
Hello everyone, I have a question about the remoteipvalve in tomcat 8.5: https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/RemoteIpValve.html internalProxies Regular expression that matches the IP addresses of internal proxies. If they appear in the remoteIpHeader v

Re: Tomcat 7.0.65 + Java 6 Update 121 64-bit - Cipher Suite Names

2016-09-21 Thread Harrie Robins
Please see: https://community.qualys.com/thread/11882 Disable the weak ciphers. The Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy is needed when you want to run AES256 (you want this). Regards, Harrie On 21 September 2016 at 12:18, Román Valoria wrote: > Dear all: >

HSTS + TLS redirect resulting in error with psi-probe

2016-07-25 Thread Harrie Robins
on in your browser. * Disabling either HSTS or https forward solves this issue, so this has nothing to do with user roles not being correct. I can't figure out why this is happening. Kind regards, Harrie Robins

RE: Facing issue while configuring SSL

2016-07-12 Thread Harrie Robins
java.lang.Exception: Unable to load certificate key conf/localhost-key.pem (error:02001003:system library:fopen:No such process If I'm correct you are either missing correct rights to this file or it is not in the given location. A second possibility is missing password for key file. SSLPasswor

RE: Encrypted jdbc

2016-04-11 Thread Harrie Robins
:26 To: Tomcat Users List Subject: Re: Encrypted jdbc -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Harrie, On 4/7/16 4:55 PM, Harrie Robins wrote: > I found MySQL easy to set up. I suspect MariaDB would be set up similarly, > here a small example: > > Generate keys / certifi

RE: Encrypted jdbc

2016-04-07 Thread Harrie Robins
I found MySQL easy to set up. I suspect MariaDB would be set up similarly, here a small example: Generate keys / certificates: http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html Import to keystore (for tomcat): https://dev.mysql.com/doc/connector-j/en/connector-j-reference-using-ssl.htm

RE: HSTS missing from HTTPS server on tomcat 8.0.27

2016-02-08 Thread Harrie Robins
Hello! Missing HSTS is not a vulnerability, as Mark pointed out, it is a feature. In your web.xml httpHeaderSecurity org.apache.catalina.filters.HttpHeaderSecurityFilter hstsEnabled true hstsMaxAgeSeconds 3153

RE: Client TLS 1.2 error for APR

2016-01-13 Thread Harrie Robins
omas [mailto:ma...@apache.org] Sent: Wednesday 13 January 2016 20:59 To: Tomcat Users List Subject: Re: Client TLS 1.2 error for APR On 13/01/2016 18:36, Harrie Robins wrote: > Hi! > > I'm running Tomcat 7.0.65 with APR connector over port 443. Tomcat version - tick Connecto

Client TLS 1.2 error for APR

2016-01-13 Thread Harrie Robins
Hi! I'm running Tomcat 7.0.65 with APR connector over port 443. I'm experiencing trouble with users that connect with IE11 over SSL. Connecting and browsing works fine, but sometimes a white screen with this error pops up. Once they disable TLS 1.2 everything works fine: This page can't be dis