Paul Klinkenberg wrote:
Hi Tomcat users!
I have been working on an update for a Tomcat valve called mod_cfml. The
project aims to provide automatic web context creation in Tomcat, when coming
from a frontend webserver.
The live code base can be found at https://github.com/utdream/mod_cfml
<https://github.com/utdream/mod_cfml>
One of the features I wanted to add, is adding an IP restriction in the valve (see github <https://github.com/paulklinkenberg/mod_cfml/commit/dab058b7f38f98a6e7f076323e3d23be476e6de6>).
While testing, I noticed that AJP works very well: it hides the IP address of the caller, which is the front-end Apache webserver, and instead returns the IP of the remote client / the client who called the frontend webserver.
I have been digging around quite a lot, but have not been able to find the
Apache httpd IP address :-(
My question is hopefully simple to answer: can I retrieve the IP address which
called the AJP connector, from within the valve?
My server.xml is:
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
/>
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
/>
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true">
<Valve
className="mod_cfml.core"
loggingEnabled="true"
waitForContext="10"
maxContexts="9999"
timeBetweenContexts="0"
scanClassPaths="false"
allowedIPs="127.0.0.1,192.168.1.52" />
</Host>
</Engine>
</Service>
</Server>
Thanks in advance for your time!
Kind regards,
Paul Klinkenberg
The Netherlands
p.s. I asked this question, in other wording, on SackOverflow.com
<http://sackoverflow.com/> as well. I hope I have better luck here ;-)
http://stackoverflow.com/questions/29858030/where-can-i-find-the-apache-httpd-server-ip-from-within-a-tomcat-valve-when-ajp
<http://stackoverflow.com/questions/29858030/where-can-i-find-the-apache-httpd-server-ip-from-within-a-tomcat-valve-when-ajp>
Hi.
With Apache httpd and mod_jk as front-end, you have (at least) 2 options :
- set an additional HTTP request header at the Apache httpd level, before the request is
proxied to the back-end Tomcat
- set a "JkEnvVar" value at the at the Apache httpd level, before the request is proxied
to Tomcat
You can then retrieve these set values at the Tomcat level, either by parsing the request
headers, or by retrieving a "request attribute" corresponding to the JkEnvVar.
The JkEnvVar/attribute method is probably more efficient in a mod_jk context; the HTTP
header solution is more portable, since it does not depend on specifically mod_jk being
used as a connector.
Presumably, when at the Apache httpd level you decide to proxy a request to a back-end
Tomcat, you know through which interface you'll do it, and what its IP address is, and you
can put it into one of the things above.
Is that enough info to get you started ?
Caveat : one part I am not quite sure of, is what things you do have easy access to, at
the level of a Valve. The above is what you'd do at a webapp level, I hope it is also
accessible at your Valve level.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org