RE: org.apache.catalina.valves.RemoteHostValve issue
Please take me off this reply list. Thanks -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 20, 2005 5:01 PM To: Tomcat Users List Subject: Re: org.apache.catalina.valves.RemoteHostValve issue Tony Tomcat wrote: Actually.. according to the documentation the RemoteHostValve and RemoteAddrValve both do the same thing.. They both say... Concrete implementation of RequestFilterValve that filters based on the string representation of the remote client's IP address. The javadoc is exactly the same except the class name. :-P The JavaDocs for RemoteHostValve are wrong. It should say ...filters based on the remote client's hostname. The JavaDocs for RemoteAddrValve are correct. I don't see anything in the JavaDocs that suggests regular expressions should not be used for the allow and deny patterns. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: org.apache.catalina.valves.RemoteHostValve issue
-- Forwarded message -- From: Mark Thomas [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Date: Wed, 17 Aug 2005 08:03:45 +0100 Subject: Re: org.apache.catalina.valves.RemoteHostValve issue Tony Tomcat wrote: Does the RemoteHostValve work? There are no examples in the Tomcat 5 docs and the tomcat 4 docs have the following.. Valve className=org.apache.catalina.valves .RemoteHostValve allow=*.mycompany.com,www.yourcompany.com http://www.yourcompany.com/ / The docs have been updated for 4 and 5 not to use this example. The problem is that . is a special character in a regular expression and needs to be escaped if you want to match a single . character in your input. The regexp docs are the place to read up on this. The following should work but I haven't tried it. Valve className=org.apache.catalina.valves.RemoteHostValve allow=.*mycompany\.com,www\.yourcompany\.com/ Mark Actually.. according to the documentation the RemoteHostValve and RemoteAddrValve both do the same thing.. They both say... Concrete implementation of RequestFilterValve that filters based on the string representation of the remote client's IP address. The javadoc is exactly the same except the class name. :-P Is it safe to say that tomcat doesn't support FQDN filtering (or is this just a typo/(cut-paste) issue? If it does support it are there performance implications since it seems that it would need to do a DNS lookup on all incoming connections.
Re: org.apache.catalina.valves.RemoteHostValve issue
Tony Tomcat wrote: Actually.. according to the documentation the RemoteHostValve and RemoteAddrValve both do the same thing.. They both say... Concrete implementation of RequestFilterValve that filters based on the string representation of the remote client's IP address. The javadoc is exactly the same except the class name. :-P The JavaDocs for RemoteHostValve are wrong. It should say ...filters based on the remote client's hostname. The JavaDocs for RemoteAddrValve are correct. I don't see anything in the JavaDocs that suggests regular expressions should not be used for the allow and deny patterns. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: org.apache.catalina.valves.RemoteHostValve issue
ok. got off my lazy butt and looked at the code. RemoteHostValve uses request.getRequest().getRemoteHost() so just the javadoc needs updating for RemoteHostValve.java. I'm sure this was just a copy of RemoteAddrValve. ;-) Now i just need to figure out how to configure my tomcat to return values for getRemoteHost calls. From: *Tony Tomcat [EMAIL PROTECTED]* Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: *Sep 20, 2005 4:35 PM* Subject: *Re: org.apache.catalina.valves.RemoteHostValve issue* Reply | Reply to all | Forward | Print | Add sender to Contacts list | Trash this message | Show original -- Forwarded message -- From: Mark Thomas [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Date: Wed, 17 Aug 2005 08:03:45 +0100 Subject: Re: org.apache.catalina.valves.RemoteHostValve issue Tony Tomcat wrote: Does the RemoteHostValve work? There are no examples in the Tomcat 5 docs and the tomcat 4 docs have the following.. Valve className=org.apache.catalina.valves .RemoteHostValve allow=*.mycompany.com, www.yourcompany.comhttp://www.yourcompany.com/ / The docs have been updated for 4 and 5 not to use this example. The problem is that . is a special character in a regular expression and needs to be escaped if you want to match a single . character in your input. The regexp docs are the place to read up on this. The following should work but I haven't tried it. Valve className=org.apache.catalina.valves. RemoteHostValve allow=.*mycompany\.com,www\.yourcompany\.com/ Mark Actually.. according to the documentation the RemoteHostValve and RemoteAddrValve both do the same thing.. They both say... Concrete implementation of RequestFilterValve that filters based on the string representation of the remote client's IP address. The javadoc is exactly the same except the class name. :-P Is it safe to say that tomcat doesn't support FQDN filtering (or is this just a typo/(cut-paste) issue? If it does support it are there performance implications since it seems that it would need to do a DNS lookup on all incoming connections.
Re: org.apache.catalina.valves.RemoteHostValve issue
Tony Tomcat wrote: ok. got off my lazy butt and looked at the code. RemoteHostValve uses request.getRequest().getRemoteHost() so just the javadoc needs updating for RemoteHostValve.java. I'm sure this was just a copy of RemoteAddrValve. ;-) Looks like it. I have just committed a fix to CVS. Now i just need to figure out how to configure my tomcat to return values for getRemoteHost calls. http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html Look for enableLookups Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: org.apache.catalina.valves.RemoteHostValve issue
Tony Tomcat wrote: Does the RemoteHostValve work? There are no examples in the Tomcat 5 docs and the tomcat 4 docs have the following.. Valve className=org.apache.catalina.valves.RemoteHostValve allow=*.mycompany.com,www.yourcompany.com/ The docs have been updated for 4 and 5 not to use this example. The problem is that . is a special character in a regular expression and needs to be escaped if you want to match a single . character in your input. The regexp docs are the place to read up on this. The following should work but I haven't tried it. Valve className=org.apache.catalina.valves.RemoteHostValve allow=.*mycompany\.com,www\.yourcompany\.com/ Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: org.apache.catalina.valves.RemoteHostValve
Howdy, I already answered this question, FCOL. Put just the subnet without a * as the attribute value. Senor Ruiz's suggestion would also work but it's not what the original poster asked. Yoav Shapira Millennium ChemInformatics -Original Message- From: Rodrigo Ruiz [mailto:[EMAIL PROTECTED] Sent: Thursday, November 27, 2003 4:44 AM To: Tomcat Users List Subject: Re: org.apache.catalina.valves.RemoteHostValve Instead of denying access, try to allow it. I think the valve should accept this syntax: Valve className=... allow=localhost,127.0.0.1,other IPs/ If you only deny access from other intranet computers, you are allowing access from internet HTH, Rodrigo Ruiz Drinkwater, GJ (Glen) wrote: Hi I have tried to put Valve className=org.apache.catalina.valves.RemoteHostValve deny=*.subnet.ac.uk/ in my context but it keeps on throwing an exception Catalina.start: java.lang.IllegalArgumentException: Syntax error in request filter pattern *.subnet.ac.uk Can wild cards be used in this context? Does anybosy know how to only allow the localhost to access the server /context??? Glen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: org.apache.catalina.valves.RemoteHostValve
Hi I have tried to put Valve className=org.apache.catalina.valves.RemoteHostValve deny=*.subnet.ac.uk/ in my context but it keeps on throwing an exception Catalina.start: java.lang.IllegalArgumentException: Syntax error in request filter pattern *.subnet.ac.uk Can wild cards be used in this context? Does anybosy know how to only allow the localhost to access the server /context??? Glen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: org.apache.catalina.valves.RemoteHostValve
Instead of denying access, try to allow it. I think the valve should accept this syntax: Valve className=... allow=localhost,127.0.0.1,other IPs/ If you only deny access from other intranet computers, you are allowing access from internet HTH, Rodrigo Ruiz Drinkwater, GJ (Glen) wrote: Hi I have tried to put Valve className=org.apache.catalina.valves.RemoteHostValve deny=*.subnet.ac.uk/ in my context but it keeps on throwing an exception Catalina.start: java.lang.IllegalArgumentException: Syntax error in request filter pattern *.subnet.ac.uk Can wild cards be used in this context? Does anybosy know how to only allow the localhost to access the server /context??? Glen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: org.apache.catalina.valves.RemoteHostValve
Howdy, The allow and deny attributes of RemoteHostValve are regular expressions. Try deny=my.host.uk for example. As for using the valve for a Context of a Server: it applies wherever you put it in server.xml, so if you put it inside a specific Context the valve will apply only to that context. Yoav Shapira Millennium ChemInformatics -Original Message- From: Drinkwater, GJ (Glen) [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 1:13 PM To: 'Tomcat Users List' Subject: org.apache.catalina.valves.RemoteHostValve Hi I am trying to only allow localhost to access my tomcat server. I have tried to put Valve className=org.apache.catalina.valves.RemoteHostValve deny=*.my.host.uk/ in my context but it keeps on throwing an exception Catalina.start: java.lang.IllegalArgumentException: Syntax error in request filter pattern *.my.host.uk Can wild cards be used in this context? Does anybosy know how to only allow the localhost to access the server /context??? Glen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: org.apache.catalina.valves.RemoteHostValve
Hi If i specify a host, then i only deny one machine. How do you deny all hosts on a sub net? Glen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: org.apache.catalina.valves.RemoteHostValve
Howdy, By specifying just the subnet. It's a regular expression match. Since you had *.my.host.uk I took my.host.uk. Anything with 'my.host.uk' will be denied. Yoav Shapira Millennium ChemInformatics -Original Message- From: Drinkwater, GJ (Glen) [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 1:37 PM To: 'Tomcat Users List' Subject: RE: org.apache.catalina.valves.RemoteHostValve Hi If i specify a host, then i only deny one machine. How do you deny all hosts on a sub net? Glen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]