On Jan 31, 2011, at 3:57 PM, Mark Thomas wrote:
> On 31/01/2011 21:54, Henri Gomez wrote:
>>> Not necessarily. The closest immediate proxy is the last entry in that
>>> list. You might not trust all of the machines in that proxy chain to
>>> provide
>>> legitimate IP details.
>>
>> In my case,
> Patches to RemoteIpFilter/Valve are the place to start. The issue of
> trusted proxies are already handled so the patches should be able to
> take advantage of that.
Good, time to sign my CCLA and I'll work on it :)
-
To unsubs
On 31/01/2011 21:54, Henri Gomez wrote:
>> Not necessarily. The closest immediate proxy is the last entry in that
>> list. You might not trust all of the machines in that proxy chain to provide
>> legitimate IP details.
>
> In my case, x-forwarded-for: 1.2.3.4, 10.122.47.36, 1.2.3.4 was my
> bro
> Not necessarily. The closest immediate proxy is the last entry in that
> list. You might not trust all of the machines in that proxy chain to provide
> legitimate IP details.
In my case, x-forwarded-for: 1.2.3.4, 10.122.47.36, 1.2.3.4 was my
browser IP and 10.122.47.36 EC2 IP.
the Valve is no
On 1/29/2011 1:07 PM, Henri Gomez wrote:
>> I'd certainly like to see some more information on this usage. With more
>> info we can figure out what solution makes the most sense. Anything we
>> can do to make Beanstalk easier to use is good although I would prefer
>> to keep it generic if we can. A
On 29/01/2011 19:07, Henri Gomez wrote:
> host: localhost:8080
> accept:
> application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
> accept-encoding: gzip,deflate,sdch
> accept-language: fr-FR,fr;q=0.8,en-US;q=0.6,
> I'd certainly like to see some more information on this usage. With more
> info we can figure out what solution makes the most sense. Anything we
> can do to make Beanstalk easier to use is good although I would prefer
> to keep it generic if we can. Amazon - if you're reading this - your
> input
On 29/01/2011 12:38, Henri Gomez wrote:
>> FWIW, Paul Fremantle gave a talk at ApacheCon NA this year where he
>> demonstrated Tomcat running behind AWSLB. I'm sure they have figured out
>> what changes are necessary to Tomcat to get it running in that environment.
>
>> Perhaps he's got some code
> FWIW, Paul Fremantle gave a talk at ApacheCon NA this year where he
> demonstrated Tomcat running behind AWSLB. I'm sure they have figured out
> what changes are necessary to Tomcat to get it running in that environment.
> Perhaps he's got some code he would be willing to share. Or, perhaps
> he
Mark and Henri,
On 1/26/2011 4:09 AM, Mark Thomas wrote:
> On 25/01/2011 23:31, Henri Gomez wrote:
>> FYI, it's the kind of valve required by a Tomcat behind Amazon AWS
>> Load Balancer.
>>
>> I'll detail more later but the current ForwardedValve only handle
>> remote (browser) information and not
On 25/01/2011 23:31, Henri Gomez wrote:
>> I've got a very basic valve for now to handle this kind of X-Forwarded
>> situation :
>>
>>
>> public class ForwardedValve extends ValveBase {
>>
>>public void invoke(Request paramRequest, Response paramResponse)
>>throws IOException, Servl
> I've got a very basic valve for now to handle this kind of X-Forwarded
> situation :
>
>
> public class ForwardedValve extends ValveBase {
>
> public void invoke(Request paramRequest, Response paramResponse)
> throws IOException, ServletException {
>
> String header = paramRe
> x-forwarded-proto is already handled.
Exact.
> x-forwarded-host is non-trivial since the mapping is done before the
> valve is invoked. Simpler to do the equivalent of ProxyPreserveHost On
> in the proxy.
>
> x-forwarded-port is not handled directly but x-forwarded-proto does set
> the port bas
On 24/01/2011 10:00, Henri Gomez wrote:
> Hi to all,
>
> I take a look at RemoteIpValve and wonder if they are plan to handle
> also x-forwarded-host, x-forwarded-port and x-forwarded-proto ?
>
> The idea will be to use them to replace
> getLocalName/getLocalPort/getScheme by x-forwarded-host,
>
Hi to all,
I take a look at RemoteIpValve and wonder if they are plan to handle
also x-forwarded-host, x-forwarded-port and x-forwarded-proto ?
The idea will be to use them to replace
getLocalName/getLocalPort/getScheme by x-forwarded-host,
x-forwarded-port and x-forwarded-proto.
The fix should
15 matches
Mail list logo
