DO NOT REPLY [Bug 13172] - Port incorrect in getServerPort and in access log
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172 Port incorrect in getServerPort and in access log --- Additional Comments From [EMAIL PROTECTED] 2003-08-01 00:32 --- Remy: the servlet javadoc has the following for getServerPort(): Returns the port number on which this request was received. For HTTP servlets, same as the value of the CGI variable SERVER_PORT. The SERVER_PORT variable should store The TCP port on which the server is running. (http://developer.netscape.com/docs/manuals/js/server/jsref/toplev.htm#1109561). That would seem to indicate that if getServerPort() is returning 80 when the request comes in on TCP port 8080, it's a bug. Ryan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 13172] - Port incorrect in getServerPort and in access log
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172 Port incorrect in getServerPort and in access log [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2003-08-01 02:30 --- Fixed in 4.1.27. Now HTTP/1.0 requests without a Host header report the configured port, instead of assuming that it is 80 or 443. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 13172] - Port incorrect in getServerPort and in access log
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172 Port incorrect in getServerPort and in access log --- Additional Comments From [EMAIL PROTECTED] 2003-05-30 18:56 --- It seems that the getServerPort() method returns the port as specified in the Host header of the received message, not the port of the connector through which the request arrived. This seems to be a huge security issue. I am currently using a filter in my code to verify that a request arrived on a particular port (for security reasons) and am actually only verifying that the Host header says it came in on the port. It would be trivial for a client to spoof my code if I were to rely on the getServerPort() method as implemented. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 13172] - Port incorrect in getServerPort and in access log
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172 Port incorrect in getServerPort and in access log --- Additional Comments From [EMAIL PROTECTED] 2003-05-30 19:38 --- getServerName and getServerPort come from the Host header. Virtual hosting basics. For security, you should be using isSecure, getRemoteUser/Principal, getRemoteAddress, getRemoteHost. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 13172] - Port incorrect in getServerPort and in access log
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172 Port incorrect in getServerPort and in access log [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|NEW --- Additional Comments From [EMAIL PROTECTED] 2003-04-04 14:15 --- I'm trying a reassign to see if that gets any action. Why this bug fix is important: For messaging components, we use a non- standard port to force mutual certificate authentication. The code must make a check to verify it's on the correct port to be assured the authentication has occurred. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 13172] - Port incorrect in getServerPort and in access log
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172 Port incorrect in getServerPort and in access log --- Additional Comments From [EMAIL PROTECTED] 2003-02-14 18:16 --- I'm seeing this bug in Tomcat 4.1.(12|18): ... Feb 12, 2003 4:23:58 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on port 8080 Feb 12, 2003 4:23:58 PM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on tcp port 8009 ... AuthType: null ContextPath: /formstk Method: GET PathInfo: null PathTranslated: null QueryString: null RequestURI: /formstk/query RequestURL: http://localhost/formstk/query ServletPath: /query Protocol: HTTP/1.0 ServerName: localhost Scheme: http ServerPort: 80 ... This is from a tiny servlet that just dumps some of the HttpServletRequest.get* methods. Jetty reports the correct values. I would expect this to be a fairly severe bug; it's enough to bring /our/ project to a grinding halt. This occurs in: jakarta-tomcat-4.1.12-LE-jdk14 jakarta-tomcat-4.1.18 java version 1.4.0_01 Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0_01-b03) Java HotSpot(TM) 64-Bit Server VM (build 1.4.0_01-b03, mixed mode) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 13172] - Port incorrect in getServerPort and in access log
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172 Port incorrect in getServerPort and in access log [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
