
Paul,

On 5/1/15 11:54 AM, Christopher Schultz wrote:
> Paul,
> 
> On 4/30/15 5:21 PM, Paul Klinkenberg wrote:
>> You were totally on your way to come to the point where my
>> original question was aimed at, and then suddenly, bam, a right
>> turn ;-) That happened when you wrote "getRemoteAddr() Returns
>> the Internet Protocol (IP) address of the client or last proxy
>> that sent the request." Yes, that is normally the case, but not
>> when using AJP. The missing link in the story is the
>> "translation" that AJP does:
>> --------------------------------------------------------
>> 1) browser --- HTTP ---> httpd front-end
>> 2) httpd front-end --- AJP ---> Tomcat-AJP
>> 3) Tomcat-AJP --- HTTP ---> Tomcat-HTTP
>> (and back of course: ----> AJP ----> httpd ----> browser)
>> --------------------------------------------------------
>> I doubt whether the AJP connector really sets up an http connection,
>> which the arrow "---HTTP--->" implies at position 3). I do know
>> that both the servletrequest and the valve present inside the
>> http connector think it is a genuine http request coming from
>> the browser-client, not an ajp one. For example, debug results
>> show:
>> request.getProtocol() : HTTP/1.1
>> request.getRemoteAddr() : [ip of the browser-client]
>> request.getLocalPort() : 80   <<< not 8080!
>> request.getCoyoteRequest().getWorkerThreadName() : ajp-nio-8009-exec-1   <<< The _only_ reference I could find to anything non-http, but this is a string...
>> And I needed to use reflection to get to the coyote request.
> 
>> What I wanted to know, indeed out of intellectual interest, is 
>> what you described perfectly (even though it was hard to write): 
>> the ip address of the httpd front-end server.
> 
>> I really don't want to exhaust your time on a hunt for something
>> that is just nice to know, but won't be used afterwards. But I
>> (again!) much appreciate the time you took to dive into this
>> quest I've gotten myself into ;)
> 
> I'm trying to figure out why I can't get these request attributes
> to show in my env environment, but you should be able to get a
> handful of variables from the request attributes:
> 
> https://tomcat.apache.org/connectors-doc/generic_howto/proxy.html#Fine%20Tuning
> 
> I can't seem to get those httpd environment variables to show up in
> my request attributes. Maybe I'm using the wrong names.

It may be because my httpd is on the same host as my Tomcat server
that I'm getting confused.

Check the value that you get from request.getLocalAddr. It may already
be the IP address of the web server, and you could use that as your
check criteria.

Of course, if you allow AJP connections from anywhere, then you are
vulnerable to a rogue AJP proxy merely telling you the IP address you
want to see.

-chris

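An added example (not part of the thread, and not Tomcat's code) of the AJP "translation" discussed above: a parser for the leading fields of an AJP13 Forward Request, laid out as in the published AJP13 protocol reference, showing that the protocol, client address and port are values written into the packet by whoever opened the AJP connection. The sample packet, the addresses and the `peer_report` helper are constructed for illustration, and the link between these fields and the servlet getters is inferred from the debug output quoted in the thread.

```python
import struct

AJP_MAGIC = b"\x12\x34"      # marks packets sent from the web server to the container
FORWARD_REQUEST = 0x02       # prefix code of a Forward Request
METHODS = {1: "OPTIONS", 2: "GET", 3: "HEAD", 4: "POST"}

# Constructed sample packet (documentation addresses), not captured traffic.
SAMPLE = (b"\x12\x34\x00\x3e\x02\x02"
          b"\x00\x08HTTP/1.1\x00" b"\x00\x05/app/\x00"
          b"\x00\x0b203.0.113.7\x00" b"\xff\xff"
          b"\x00\x10www.example.test\x00" b"\x00\x50\x00" b"\x00\x00\xff")

def _string(buf, pos):
    """AJP string: 2-byte length, the bytes, a NUL; length 0xFFFF means null."""
    (n,) = struct.unpack_from(">H", buf, pos)
    if n == 0xFFFF:
        return None, pos + 2
    end = pos + 2 + n
    if end >= len(buf) or buf[end] != 0:
        raise ValueError("truncated or unterminated AJP string")
    return buf[pos + 2:end].decode("latin-1"), end + 1

def parse_forward_request(packet):
    """Decode the fixed leading fields of an AJP13 Forward Request."""
    if len(packet) < 4 or packet[:2] != AJP_MAGIC:
        raise ValueError("not a server-to-container AJP13 packet")
    (length,) = struct.unpack_from(">H", packet, 2)
    body = packet[4:4 + length]
    if length < 2 or len(body) != length or body[0] != FORWARD_REQUEST:
        raise ValueError("not a complete Forward Request")
    fields = {"method": METHODS.get(body[1], body[1])}
    pos = 2
    try:
        for name in ("protocol", "req_uri", "remote_addr", "remote_host", "server_name"):
            fields[name], pos = _string(body, pos)
        fields["server_port"], fields["is_ssl"] = struct.unpack_from(">H?", body, pos)
    except struct.error as exc:
        raise ValueError("truncated Forward Request") from exc
    return fields

def peer_report(packet, socket_peer, trusted_front_ends):
    """Set the addresses claimed in the packet beside the real TCP peer."""
    f = parse_forward_request(packet)
    return {"claimed_client": f["remote_addr"],   # packet data, chosen by the sender
            "claimed_port": f["server_port"],     # likewise packet data
            "socket_peer": socket_peer,           # who really opened the AJP connection
            "peer_trusted": socket_peer in trusted_front_ends}
```

The same packet yields the same `claimed_client` whichever host sent it; only the socket peer differs, so the addresses inside the packet are meaningful only when the AJP port is reachable solely from the intended front end.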