-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
André,
On 11/1/18 09:23, André Warnier (tomcat) wrote:
> On 01.11.2018 13:34, Mark Thomas wrote:
>> On 01/11/2018 12:23, André Warnier (tomcat) wrote:
>>> On 01.11.2018 12:35, Madhur Khurana wrote:
Hi,
I am using tomcat8 and would
On 01.11.2018 13:34, Mark Thomas wrote:
On 01/11/2018 12:23, André Warnier (tomcat) wrote:
On 01.11.2018 12:35, Madhur Khurana wrote:
Hi,
I am using tomcat8 and would like to configure ip address with subnet
in RemoteAddrValve for IP whitelisting (Example: 0.0.0.0/0). Can
anyone help in how
On 01/11/2018 12:23, André Warnier (tomcat) wrote:
> On 01.11.2018 12:35, Madhur Khurana wrote:
>> Hi,
>>
>> I am using tomcat8 and would like to configure ip address with subnet
>> in RemoteAddrValve for IP whitelisting (Example: 0.0.0.0/0). Can
>> anyone help in how to configure subnet in allow
On 01.11.2018 12:35, Madhur Khurana wrote:
Hi,
I am using tomcat8 and would like to configure ip address with subnet in
RemoteAddrValve for IP whitelisting (Example: 0.0.0.0/0). Can anyone help in
how to configure subnet in allow field.
The page at
Thomas Scheer wrote:
Hi,
Is there a way to block whole countries (e.g. Sudan) by ip-ranges and/or CIDR
data? (in regex it would be a mess of data)
In CIDR Format:
# Country: SUDAN
# ISO Code: SD
# Total Networks: 19
# Total Subnets: 283,904
41.67.0.0/18
41.78.108.0/22
41.79.24.0/22
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thomas,
On 3/8/12 4:47 AM, Thomas Scheer wrote:
Is there a way to block whole countries (e.g. Sudan) by ip-ranges
and/or CIDR data? (in regex it would be a mess of data)
My spidey sense it tingling. I swear we discussed this.
Aah, here it is:
Jonathan Mast wrote:
How do I specify wildcards in the RemoteAddrValue declaration?
The Tomcat docs says it uses the java.util.regex package, so i wrote a test
case like this:
String patternStr = 192.168.*.*;
String searchStr = 192.168.1.2;
Pattern p =
From: Jonathan Mast [mailto:jhmast.develo...@gmail.com]
Subject: RemoteAddrValve syntax
The Tomcat docs says it uses the java.util.regex package
But you apparently didn't read the doc for java.util.regex, which is not
anything like the wildcards you tried to use:
André Warnier wrote:
[...]
To match any address starting with 192.168., use
Valve className=org.apache.catalina.valves.RemoteAddrValve
allow=192\.168\..*/
or (if you want to be really finicky about it)
Valve className=org.apache.catalina.valves.RemoteAddrValve
I looked at the javadocs for the RemoteAddrValve and they provided no
further clarity on the syntax issue.
You're right, my test case mistakenly returned a false positive, .* could
match anything its true and their is no common sense wildcard in the Java
Regex package. I looked at the javadoc
Gregor Schneider wrote:
you've been asking the valve-stuff because you want to limit the
access to requests coming from localhost only?
Yep!
why then not make tomcat listen on localhost only? configuration for
that's a walk in the park...
My Tomcat is serving a number of webapps, I want
On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken zakmc...@yahoo.it wrote:
Gregor Schneider wrote:
you've been asking the valve-stuff because you want to limit the
access to requests coming from localhost only?
Yep!
why then not make tomcat listen on localhost only? configuration for
that's
Thanks Gregor, that's very interesting for production environments. I'll
try it.
Cheers.
M.
Gregor Schneider wrote:
On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken zakmc...@yahoo.it wrote:
Gregor Schneider wrote:
you've been asking the valve-stuff because you want to limit the
access to
From: Gregor Schneider [mailto:rc4...@googlemail.com]
Subject: Re: RemoteAddrValve and RemoteHostValve
Have you ever thought about fronting Tomcat with Apache HTTPD, then
connecting it via mod_jk?
Are you serious? You want to add complexity and overhead just to control
access to one webapp
Hi Chuck,
On Mon, Mar 2, 2009 at 3:07 PM, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
Since a working Valve setup was already provided, why not just use that?
Ehem - was it? I understood that there was one open issue that Zac
needed to combine a hostname and IP-adress - which was not
From: Gregor Schneider [mailto:rc4...@googlemail.com]
Subject: Re: RemoteAddrValve and RemoteHostValve
I understood that there was one open issue that Zac
needed to combine a hostname and IP-adress
Early in the thread, someone pointed out that there's never any need to specify
a host name
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Zak,
On 2/27/2009 9:28 PM, Zak Mc Kracken wrote:
I'd like to filter incoming requests with this criterion:
if it's www.somewhere.com - OK
else if it's 1.2.3.4 - OK
else - KO
You could always use our favorite urlrewrite tool:
Thanks again.
André Warnier wrote:
It would in my view make a lot more sense to have a single Remote Access
Valve to which one could specify, in allow or deny, a hostname
AND/OR an IP address expression. Like
Valve className=x allow=localhost,www.mydomain.com,192\.168\.1
Gregor wrote:
marc,
do i understand you correct that you only whant to accept requests from
localhost?
I have a Java web application that computes some data from an existing
Java-based infrastructure and output it as simple plain text. The output
is intended to be consumed by other PHP
On Sun, Mar 1, 2009 at 6:05 PM, Zak Mc Kracken zakmc...@yahoo.it wrote:
Yes, but localhost-only is simpler in my case.
ehem, still not sure if i got you right:
you've been asking the valve-stuff because you want to limit the
access to requests coming from localhost only?
why then not make
What in the documentation
(http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html) is the
part you don't understand?
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @
Gregor Schneider wrote:
What in the documentation
(http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html) is the
part you don't understand?
Thanks for replying. Maybe it's me, but what I gather from the
documentation is that it's not possible to combine the two filters as I
want, i.e.:
Gregor Schneider wrote:
What in the documentation
(http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html) is the
part you don't understand?
Thanks for replying. Maybe it's me, but what I gather from the
documentation is that it's not possible to combine the two filters as I
want, i.e.:
Zak Mc Kracken wrote:
[...]
Let's try this another way.
You want to allow requests from either www.somewhere.com, or one or more
IP addresses, and block all the rest.
First, filtering requests on the base of a DNS hostname is expensive :
it forces Tomcat to do a reverse DNS lookup. That
From: André Warnier [mailto:a...@ice-sa.com]
Subject: Re: RemoteAddrValve and RemoteHostValve
What I'm getting at, is that if you want to accept requests from
www.somewhere.com
It's not clear to me whether the OP wants to check the origin or the
destination; the original description
Thank you all for replies and detailed explanation. Now I understand
what's happening. My specific problem is restrict a single web
application to clients coming from localhost only. This was not working
(everything blocked):
Context
Valve
Zak Mc Kracken wrote:
..., although it seems to imply
that RemoteHostValve should be avoided (isn't DNS reverse lookup
cached?)
Well, I suppose it probably is, at some level. At the level of the
Remote Host Valve possibly, if the designers thought about it, or else
at some underlying level.
marc,
do i understand you correct that you only whant to accept requests
from localhost?
next: wouldn't authorization solve your problem?
rgds
gregor
Am 28.02.2009 um 19:14 schrieb Zak Mc Kracken zakmc...@yahoo.it:
Thank you all for replies and detailed explanation. Now I understand
On Feb 27, 2009, at 9:28 PM, Zak Mc Kracken wrote:
Hi all,
I'd like to filter incoming requests with this criterion:
if it's www.somewhere.com - OK
else if it's 1.2.3.4 - OK
else - KO
Is it possible to do that by combining RemoteHostValve and
RemoteAddrValve? How? I simply tried to write
Christopher Schultz wrote:
[...]
I see that tuckey's urlrewrite library can probably do this for me
(redirect somewhere else if the address doesn't match), but it seems a
bit overkill.
I recommend though. The setup is very easy and flexible, and the author
claims it is very light-weight. I
Found the problem. The docBase path was wrong. The server node in the
file tree was a hangover from Tomcat 5.
Mark Leone wrote:
Is RemoteAddrValve broken in 6.0.16? I have the following in
manager.xml, located at %catalina_home%\Conf\Catalina\Localhost.
Context
probably that path attribute is wrong, correct? Not needed on 5x?
-Original Message-
From: Niki Diulgerov [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 28, 2007 10:57 AM
To: Tomcat Users List
Subject: RemoteAddrValve
Hello there,
Using tomcat 5.5.25 + jdk1.5.0_13
By default
Probably wrong?
but I saw almost the same example here
http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html
so cant understand what's wrong ...I'm using completely fresh
installation of 5.5.25 whthout any changes except these mentioned here
Best regards,
Nikolay Diulgerov
Network
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Barry,
Propes, Barry L wrote:
probably that path attribute is wrong, correct? Not needed on 5x?
Yes, it's necessary, since the OP isn't dropping a WAR anywhere, but
installing a context.xml file.
- -chris
-BEGIN PGP SIGNATURE-
Version:
hmmm...ok...what is the one that is forgone in that version? The docBase?
-Original Message-
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 28, 2007 11:36 AM
To: Tomcat Users List
Subject: Re: RemoteAddrValve
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Subject: Re: RemoteAddrValve
Propes, Barry L wrote:
probably that path attribute is wrong, correct? Not needed on 5x?
Yes, it's necessary, since the OP isn't dropping a WAR anywhere, but
installing a context.xml file.
Nope, the path
PROTECTED]
Telephone : +33 4 89 87 77 77
Fax : +33 4 89 87 77 00
Web: http://www.codix-france.com
Caldarale, Charles R wrote:
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Subject: Re: RemoteAddrValve
Propes, Barry L wrote:
probably that path attribute is wrong, correct
From: Niki Diulgerov [mailto:[EMAIL PROTECTED]
Subject: Re: RemoteAddrValve
if I remove the Valve directive there is no error...
Valve classname=org.apache.catalina.valves.RemoteAddrValve
allow=192.9.202.231/
It's className, not classname. Case matters.
- Chuck
THIS COMMUNICATION
oh so I did recall correctly! ; ) Thought I'd seen Chuck punch that through a
time or two. : )
-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 28, 2007 11:48 AM
To: Tomcat Users List
Subject: RE: RemoteAddrValve
From: Christopher
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
Caldarale, Charles R wrote:
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Subject: Re: RemoteAddrValve
Propes, Barry L wrote:
probably that path attribute is wrong, correct? Not needed on 5x?
Yes, it's necessary, since the OP
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Subject: Re: RemoteAddrValve
I'm an idiot.
End of the month - time to reboot :-)
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
no you're not dude! You've helped me a lot! I've told you so before!
-Original Message-
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 28, 2007 4:11 PM
To: Tomcat Users List
Subject: Re: RemoteAddrValve
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck
42 matches
Mail list logo