Re: Strange problem involving the word "localhost"

2023-09-08 Thread James H. H. Lampert 

On 9/8/23 8:34 AM, Ivano Luberti wrote:
I had similar problem with mod_security installed on servers and apache 
used as proxy.


mod_security intercept the request and if considers it suspicious 
generate a 403 error


Found it.

It's in the AWS WAF. A rule called 
"AWS#AWSManagedRulesCommonRuleSet#EC2MetaDataSSRF_BODY" seems to be the 
problem.


--
JHHL


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Strange problem involving the word "localhost"

2023-09-08 Thread Ivano Luberti 
I had similar problem with mod_security installed on servers and apache 
used as proxy.


mod_security intercept the request and if considers it suspicious 
generate a 403 error


Il 08/09/2023 17:25, James H. H. Lampert ha scritto:
Yesterday, I discovered that our Tomcat-based webapp (running on a 
Amazon AWS) doesn't like the word "localhost."


If I enter it in a text field, through the UI, it won't save the 
record, and if I feed it into our web services, it comes back with a 
403:Forbidden.


My primary hypothesis is that the 403 is coming from an AWS firewall 
rule, because that was the cause of our last 403 problem.


But is there anything in Tomcat that could be doing this?

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


--

Archimede Informatica tratta i dati personali in conformità a quanto
stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno 
2003 n. 196

per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
Informativa completa 



dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959 | fax: +39 050/8932061

web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/

Strange problem involving the word "localhost"

2023-09-08 Thread James H. H. Lampert 
Yesterday, I discovered that our Tomcat-based webapp (running on a 
Amazon AWS) doesn't like the word "localhost."


If I enter it in a text field, through the UI, it won't save the record, 
and if I feed it into our web services, it comes back with a 403:Forbidden.


My primary hypothesis is that the 403 is coming from an AWS firewall 
rule, because that was the cause of our last 403 problem.


But is there anything in Tomcat that could be doing this?

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org