> -----Message d'origine----- > De : Felix Schumacher <felix.schumac...@internetallee.de> > Envoyé : lundi 12 avril 2021 16:55 > À : users@tomcat.apache.org > Objet : Re: RemoteIpValve resolving localname is really slow > > > Am 12.04.21 um 15:49 schrieb Bourdais Nicolas: > > We are hosting our tomcats on windows vms behind a reverse proxy and have > enabled RemoteIPValve. > > In the same time we have many hardware which talk to tomcat through a > vpn. > > Recently we updated our tomcats to a more recent version (8.5.43 to 8.5.53) > and our apps running on hardware through vpn had difficulties to talk to > tomcat. > > > > We identified that these difficulties came from very slow localname > resolution in RemoteIpValve when calling through vpn. > > We added vpn IP to hosts file of our tomcat’s vms which resolved our errors. > > > > We found that these behaviour appeared with tomcat 8.5.44 and was a > consequence of the new feature in RemoteIPValve and RemoteIpFilter : > 'support x-forwarded-host’ id 57665. > > Since this feature the valve begins by resolving localname (along > > remoteAddr, remoteHost, serverName etc…) which in our case is time > > consuming (> 5 s) and leads to communication errors > > > > Is this behaviour expected and necessary ? > > Could localName be resolved only if changeLocalName is set to true ? > > How is your connector configured? Has it an attribute enableLookups (set to > true)? > No it doesn't. Here is the configuration:
<Connector port="8602" socketBuffer="64240" disableUploadTimeout="true" connectionTimeout="300000" acceptCount="100" redirectPort="" enableLookups="false" minSpareThreads="25" maxThreads="300" protocol="HTTP/1.1" maxPostSize="-1" maxHttpHeaderSize="8192" compression="force" relaxedPathChars="[]"/> Nicolas > Felix > > > Should I comment on bugzilla ? > > > > > > Ce message et toutes les pieces jointes (ci-apres le "message") sont > > etablis a > l'intention exclusive de ses destinataires. > > Si vous recevez ce message par erreur, merci de le detruire et d'en avertir > immediatement l'expediteur par e-mail. > > Toute utilisation de ce message non conforme a sa destination, toute > diffusion ou toute publication, totale ou partielle, est interdite, sauf > autorisation > expresse. Les communications sur Internet n'etant pas securisees, l'expediteur > informe qu'il ne peut accepter aucune responsabilite quant au contenu de ce > message. > > This mail message and attachments (the "message") are solely intended for > the addresses. It is confidential in nature. > > If you receive this message in error, please delete it and immediately > > notify > the sender by e-mail. > > Any use other than its intended purpose, dissemination or disclosure, either > whole or partial, is prohibited except if formal approval is granted. As > communication on the Internet is not secure, the sender does not accept > responsibility for the content of this message. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > >
