, Cyrille Le Clerc
clecl...@cloudbees.com wrote:
Hi Christopher,
Changing the existing AccessLogValve to use a logger would have an impact on
performances with the creation of intermediate String objects and keeping
backward compatibility on the access logs files management (naming,
rotation
Cyrille,
On 12/11/13, 1:49 PM, Cyrille Le Clerc wrote:
Dear Tomcat community,
We at CloudBees implemented a SyslogAccessLogValve that outputs
the access logs to a syslog server.
The support of Syslog is more detailed that what we can usually
find in java logging libraries
help I need is the split of the AccessLogValve to reuse the
formatting logic.
Cyrille
On Thu, Dec 12, 2013 at 11:42 AM, Brian Burch br...@pingtoo.com wrote:
On 12/12/13 08:56, Cyrille Le Clerc wrote:
Hello Christopher,
Delegating to log4j/logback/java.util.logging could be an option
would require
substantial efforts.
Cyrille
On Thu, Dec 12, 2013 at 2:56 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Cyrille,
On 12/12/13, 3:56 AM, Cyrille Le Clerc wrote:
Hello Christopher,
Delegating to log4j/logback
Dear Tomcat community,
We at CloudBees implemented a SyslogAccessLogValve that outputs the
access logs to a syslog server.
The support of Syslog is more detailed that what we can usually find
in java logging libraries as it allows to
* configure all the syslog header fields: appName, source
Hello Gautam,
I recommend you to have a look at Hyperic HQ (1). I had very good
experiences with it, including a big french telco operator which has
been using it for more than three years nearly 100 Tomcat JVMs.
VMWare/SpringSource is investing a lot on Hyperic HQ, the Open
Source /
omitting
'internalProxies' attribute and rely on the default that trusts all
the class A, B C private IP addresses.
Hope this helps,
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr
http://blog.xebia.fr
On Thu, Jun 17, 2010 at 2:41 AM, Matt Peterson matt.peter...@une.edu.au wrote:
Hi All,
We have
tried my best to implement
in ExpiresFilter the same behavior as in Apache Httpd mod_expires.
Cyrille
On Mon, Mar 29, 2010 at 8:32 PM, Cyrille Le Clerc clecl...@apache.org wrote:
Thanks for your fast feedbacks Christopher,
I updated the patch proposed on Bugzilla 48998 to include your advice
requests with x-forwarded-proto header,
* what are the values of x-forwarded-for and x-forwarded-by headers
Many samples are already available in the javadocs (3), I would be
very happy to adapt them to the docs.
Please let me know if this proposal is interesting.
Cyrille
--
Cyrille Le Clerc
: SHA1
Cyrille,
On 3/26/2010 12:43 PM, Cyrille Le Clerc wrote:
I have proposed with bugzilla 48998 a port of Apache mod_expires in
Java as ExpiresFilter Servlet Filter.
Cool.
I detailed a standalone version of this filter on
http://code.google.com/p/xebia-france/wiki/ExpiresFilter
Hello Melanie,
I share André's vision :
#1 To get the root context http://www.robotronics.org/ forwarded to
Tomcat, the easiest way is to declare your java application as the
root context of your Tomcat (either naming it ROOT.war or declaring it
with path= in server.xml according to your
My mistake on port 80 without being root, I never used jsvc ; I relied
on startup.sh.
Cyrille
On Mon, Mar 15, 2010 at 1:53 PM, André Warnier a...@ice-sa.com wrote:
Cyrille Le Clerc wrote:
#4 I slightly disagree with André on asking Tomcat to listen on port
80 ; I am very reluctant
be to look at the ProxyPreserveHost On directive
in Apache configuration (2).
If you use It would look like :
ProxyPreserveHost On
ProxyPass /mypath http://localhost:8080/mypath
Hope this helps,
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr
http://blog.xebia.fr
(1) see http://httpd.apache.org
--
Valve className=org.apache.catalina.valves.AccessLogValve
directory=logs pattern=common prefix=access_log.
resolveHosts=false suffix=.txt /
...
/Host
/Engine
/Service
/Server
Hope this helps,
Cyrille
On Thu, Feb 25, 2010 at 5:44 PM, Cyrille Le Clerc
of Tomcat and is available for previous versions in a separate jar
(2).
Hope this helps,
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr
(1)
http://blog.xebia.fr/2009/11/13/tomcat-ssl-communications-securisees-et-x-forwarded-proto/
(2) http://code.google.com/p/xebia-france/wiki/RemoteIpValve
Hello Paulwintech,
I suggest you to have a look at Hyperic. It is a very interesting tool and
you can extend it quite easily with custom JMX MBeans.
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr
On Mon, Feb 8, 2010 at 2:01 PM, Leon Rosenberg
rosenberg.l...@googlemail.com wrote:
Hi,
if you
this ThreadLocal.
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr
(1)
http://fisheye6.atlassian.com/browse/commons/proper/lang/trunk/src/java/org/apache/commons/lang/builder/ToStringStyle.java?r=594386#l136
On Tue, Feb 2, 2010 at 2:44 PM, Mark Thomas ma...@apache.org wrote:
On 02/02/2010 13:31
.
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr
Environment : apache-tomcat-6.0.24, Java HotSpot(TM) Server VM (build
11.3-b02, mixed mode), hyperic-agent-4.1.2-1053, Linux 2.6.9-78.ELlargesmp
HYPERIC AGENT ERROR MESSAGE
2010-01-25 16:48:49,592 ERROR [Thread-0
including this
valve will hopefully be released very soon ; vote has started on the
tomcat-dev mailing list just before christmas.
Don't hesitate to ask questions if the docs aren't clear enough,
Hope this helps,
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr
http://blog.xebia.fr
(1
\
-Dcom.sun.management.jmxremote.port=6969 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false
JMX listen port 6969 is configurable.
All details at http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html
Hope this helps,
Cyrille
--
Cyrille Le Clerc
clecl
monitor Tomcat and
application specific MBeans, not very much JVM MBeans (except via
Hyperic).
Hope this helps,
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr
http://blog.xebia.fr
(1) : java.lang:type=Runtime, java.lang:type=OperatingSystem,
java.lang:type=Threading, java.lang:type=Memory
is written in french but the google translation is quite good
(3).
Hope this helps,
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr
http://blog.xebia.fr
(1) http://code.google.com/p/xebia-france/wiki/RemoteIpValve
(2)
http://blog.xebia.fr/2009/11/13/tomcat-ssl-communications-securisees-et-x
is quite good (2).
My preference is to use a level 7 load balancer in front of Apache
httpd servers with mod_proxy_http+mod_proxy_balancer and then Tomcat
servers. Of course, this topology is not always the best one but is
very often relevant.
Hope this helps,
Cyrille
--
Cyrille Le Clerc
clecl
it with telnet
and curl, ... :-)
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr
http://blog.xebia.fr
On Wed, Nov 25, 2009 at 12:09 PM, David Cassidy da...@twocats.co.uk wrote:
Cyrille,
Nice if you've got that sort of money.
it is quite cool because you can off-load the https part
so some custom
Thanks to this,
- the 99% direct requests will reach Tomcat with x-forwarded-for=@clientIp
- 1% proxyfied requests will reach Tomcat with
x-forwarded-for=@clientIp,
@the-trusted-proxy-that-is-not-the-load-balancer
Does it make sense ?
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr cyri
interfaces (HttpServletRequest
HttpServletResponse) will be much more easy to manipulate than the
current implementations (Request, Response).
Hopr this clarifies my message,
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr cyri...@cyrilleleclerc.com
http://blog.xebia.fr
(1)
http://www.nabble.com
as it is granted to The original author or
authors ... but it can be changed with pleasure.
Hope this helps,
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr cyri...@cyrilleleclerc.com
http://blog.xebia.fr
On Sun, Sep 27, 2009 at 11:13 AM, Mark Thomas ma...@apache.org wrote:
Elli Albek wrote
Hello Christopher,
I am afraid there may be a flaw in the algorythm looking for the
first IP of the coma delimited x-forwarded-for header without
ensuring that this first IP has been set by a trusted proxy and not by
the requester ( getFirstIP(xforwardedForHeaderValue) ). Such
long sentences :-)
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr cyri...@cyrilleleclerc.com
http://blog.xebia.fr
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h
and at the WAR level with a servlet
filter : RemoteIpValve (4) and XForwardedFilter (5). In addition to
handle X-Forwarded-For, they also integrate X-Forwarded-Proto (ssl).
These java ports integrate the same trusted proxies concept to prevent
spoofing.
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr cyri
as RemoteIpValve
(https://issues.apache.org/bugzilla/show_bug.cgi?id=47330) .
Hope this helps,
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr cyri...@cyrilleleclerc.com
http://blog.xebia.fr
On Mon, Oct 5, 2009 at 12:43 PM, Elli Albek e...@sustainlane.com wrote:
- Original Message -
From
org.springframework.security.securechannel.SecureChannelProcessor. We use
the second on production today, I added the small piece of code at the end
of this email for the people who would be intesrested.
Cyrille
--
Cyrille Le Clerc
cyrille.lecl...@pobox.com clecl...@xebia.fr
http://blog.xebia.fr
public class
to this secure JSESSIONID cookie for non SSL http requests,
clients like Apache Http Client won't retransmit the cookie for
between requests.
I hope my usecase is clearer.
Cyrille
On Sun, Jun 21, 2009 at 12:52 PM, Cyrille Le Clerc
cyrille.lecl...@pobox.com wrote:
Hello,
I am interested in using
Thanks for your response Christopher,
Could we imagine an evolution of Tomcat to generate secure session
cookies if request.scheme == https rather than on request.secure ==
true ? I would be very pleased to propose a patch.
Do you have a reason to set request.secure=false while
Thanks very much for the time you spend on my problem Christopher.
I use two connectors : one with secure=true and scheme=http ; another
with secured=true, scheme=https.
What is the requirement that scheme=http? You can actually use a
(non-secure) HTTP connector and still set scheme=https. Do
/RemoteIpValve.java
On Tue, Jun 23, 2009 at 12:40 AM, Mark Thomasma...@apache.org wrote:
Cyrille Le Clerc wrote:
Thanks very much for the time you spend on my problem Christopher.
I use two connectors : one with secure=true and scheme=http ; another
with secured=true, scheme=https.
What
browsers, Apache Commons Http client, etc
--
Cyrille Le Clerc
cyrille.lecl...@pobox.com clecl...@xebia.fr
http://blog.xebia.fr
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h
37 matches
Mail list logo