Re: Proposal to contribute a SyslogAccessLogValve to the Tomcat project

2013-12-16 Thread Cyrille Le Clerc
at 5:41 PM, Cyrille Le Clerc wrote: > Hi Christopher, > > Changing the existing AccessLogValve to use a logger would have an impact on > performances with the creation of intermediate String objects and keeping > backward compatibility on the access logs files management (naming,

Re: Proposal to contribute a SyslogAccessLogValve to the Tomcat project

2013-12-12 Thread Cyrille Le Clerc
approach would require substantial efforts. Cyrille On Thu, Dec 12, 2013 at 2:56 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Cyrille, > > On 12/12/13, 3:56 AM, Cyrille Le Clerc wrote: > >

Re: Proposal to contribute a SyslogAccessLogValve to the Tomcat project

2013-12-12 Thread Cyrille Le Clerc
ce library. The only help I need is the split of the AccessLogValve to reuse the formatting logic. Cyrille On Thu, Dec 12, 2013 at 11:42 AM, Brian Burch wrote: > > On 12/12/13 08:56, Cyrille Le Clerc wrote: >> >> Hello Christopher, >> >> Delegating to log4j/logbac

Re: Proposal to contribute a SyslogAccessLogValve to the Tomcat project

2013-12-12 Thread Cyrille Le Clerc
HA256 > > Cyrille, > > On 12/11/13, 1:49 PM, Cyrille Le Clerc wrote: > > Dear Tomcat community, > > > > We at CloudBees implemented a SyslogAccessLogValve that outputs > > the access logs to a syslog server. > > > > The support of Syslog is more detailed

Proposal to contribute a SyslogAccessLogValve to the Tomcat project

2013-12-11 Thread Cyrille Le Clerc
Dear Tomcat community, We at CloudBees implemented a SyslogAccessLogValve that outputs the access logs to a syslog server. The support of Syslog is more detailed than what we can usually find in java logging libraries as it allows to * configure all the syslog header fields: appName, source hostn

Re: What monitoring do you use/recommend?

2011-04-21 Thread Cyrille Le Clerc
Hello Gautam, I recommend you to have a look at Hyperic HQ (1). I had very good experiences with it, including a big French telco operator which has been using it for more than three years nearly 100 Tomcat JVMs. VMWare/SpringSource is investing a lot on Hyperic HQ, the Open Source / Comm

Re: HTTP connector to be aware of proxied SSL requests

2010-06-17 Thread Cyrille Le Clerc
ing 'internalProxies' attribute and rely on the default that trusts all the class A, B & C private IP addresses. Hope this helps, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr http://blog.xebia.fr On Thu, Jun 17, 2010 at 2:41 AM, Matt Peterson wrote: > > Hi All, > > > &

Re: Proposal : port mod_expires in java as ExpiresFilter Servlet Filter

2010-04-16 Thread Cyrille Le Clerc
tWriteResponseBody' event is that I tried my best to implement in ExpiresFilter the same behavior as in Apache Httpd mod_expires. Cyrille On Mon, Mar 29, 2010 at 8:32 PM, Cyrille Le Clerc wrote: > > Thanks for your fast feedbacks Christopher, > > I updated the patch proposed on

Proposal : Enhancing docs for RemoteIpValve and RemoteIpFilter

2010-03-30 Thread Cyrille Le Clerc
know if this proposal is interesting. Cyrille -- Cyrille Le Clerc clecl...@xebia.fr (1) http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote IP Valve (2) will be available in Tomcat 7 in /config/filter.html (3) http://tomcat.apache.org/tomcat-6.0-doc

Re: Proposal : port mod_expires in java as ExpiresFilter Servlet Filter

2010-03-29 Thread Cyrille Le Clerc
t 3:20 PM, Christopher Schultz wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Cyrille, > > On 3/26/2010 12:43 PM, Cyrille Le Clerc wrote: > > I have proposed with bugzilla 48998 a port of Apache mod_expires in > > Java as ExpiresFilter Servlet Filte

Proposal : port mod_expires in java as ExpiresFilter Servlet Filter

2010-03-26 Thread Cyrille Le Clerc
://issues.apache.org/bugzilla/show_bug.cgi?id=48998 I would be very happy to work on enhancing this proposal if the project is interested. Cyrille -- Cyrille Le Clerc clecl...@xebia.fr http://blog.xebia.fr - To unsubscribe, e-mail

Re: Question on Linux Tomcat Apache Server and Port Redirection for a robotics site

2010-03-15 Thread Cyrille Le Clerc
My mistake on port 80 without being root, I never used jsvc ; I relied on startup.sh. Cyrille On Mon, Mar 15, 2010 at 1:53 PM, André Warnier wrote: > Cyrille Le Clerc wrote: >> >> #4 I slightly disagree with André on asking Tomcat to listen on port >> 80 ; I am very reluc

Re: Question on Linux Tomcat Apache Server and Port Redirection for a robotics site

2010-03-15 Thread Cyrille Le Clerc
Hello Melanie, I share André's vision : #1 To get the root context http://www.robotronics.org/ forwarded to Tomcat, the easiest way is to declare your java application as the root context of your Tomcat (either naming it ROOT.war or declaring it with path="" in server.xml according to your

Re: Question on Linux Tomcat Apache Server and Port Redirection for a robotics site

2010-03-14 Thread Cyrille Le Clerc
-match/ http://blog.xebia.fr/2009/05/05/tomcat-adresse-ip-de-linternaute-load-balancer-reverse-proxy-et-header-http-x-forwarded-for/ http://blog.xebia.fr/2009/11/13/tomcat-ssl-communications-securisees-et-x-forwarded-proto/ Hope this helps, good luck Cyrille -- Cyrille Le Clerc clecl...@xebia.fr http://b

Re: getServerName returns 'localhost'

2010-03-03 Thread Cyrille Le Clerc
to look at the "ProxyPreserveHost On" directive in Apache configuration (2). If you use It would look like : ProxyPreserveHost On ProxyPass /mypath http://localhost:8080/mypath Hope this helps, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr http://blog.xebia.fr (1) see http://httpd.

Re: Apache 2.2 and TomCat 6.0 using SSL

2010-02-26 Thread Cyrille Le Clerc
"https" ... .. ProxyPreserveHost On ProxyPass /mypath balancer://myapplicationssl/mypath stickysession=JSESSIONID TOMCAT CONFIGURATION = ... ... Hope this helps, Cyrille On Th

Re: Apache 2.2 and TomCat 6.0 using SSL

2010-02-25 Thread Cyrille Le Clerc
in version 6.0.24 of Tomcat and is available for previous versions in a separate jar (2). Hope this helps, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr (1) http://blog.xebia.fr/2009/11/13/tomcat-ssl-communications-securisees-et-x-forwarded-proto/ (2) http://code.google.com/p/xebia-france/wiki/Rem

Re: GC(JVM Heap usage) tool

2010-02-08 Thread Cyrille Le Clerc
Hello Paulwintech, I suggest you to have a look at Hyperic. It is a very interesting tool and you can extend it quite easily with custom JMX MBeans. Cyrille -- Cyrille Le Clerc clecl...@xebia.fr On Mon, Feb 8, 2010 at 2:01 PM, Leon Rosenberg < rosenberg.l...@googlemail.com> wrote: > H

Re: Threadlocal problem

2010-02-02 Thread Cyrille Le Clerc
eanup this ThreadLocal. Cyrille -- Cyrille Le Clerc clecl...@xebia.fr (1) http://fisheye6.atlassian.com/browse/commons/proper/lang/trunk/src/java/org/apache/commons/lang/builder/ToStringStyle.java?r=594386#l136 On Tue, Feb 2, 2010 at 2:44 PM, Mark Thomas wrote: > > On 02/02/2010 13:

JMX Client UnmarshalException with JmxRemoteLifecycleListener and useLocalPorts="true"

2010-01-25 Thread Cyrille Le Clerc
insights on this problem, I am very interested. Cyrille -- Cyrille Le Clerc clecl...@xebia.fr Environment : apache-tomcat-6.0.24, Java HotSpot(TM) Server VM (build 11.3-b02, mixed mode), hyperic-agent-4.1.2-1053, Linux 2.6.9-78.ELlargesmp HYPERIC AGENT ERROR MESSAGE 2010

Re: Changing request address to x-forwarded-for

2010-01-06 Thread Cyrille Le Clerc
including this valve will hopefully be released very soon ; vote has started on the tomcat-dev mailing list just before Christmas. Don't hesitate to ask questions if the docs aren't clear enough, Hope this helps, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr http://blog.xe

Re: How To Get MBean Server of Apache Tomcat.

2009-12-08 Thread Cyrille Le Clerc
the two firsts jsps as I mostly monitor Tomcat and application specific MBeans, not very much JVM MBeans (except via Hyperic). Hope this helps, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr http://blog.xebia.fr (1) : java.lang:type=Runtime, java.lang:type=OperatingSystem, java.lang:type=

Re: How To Get MBean Server of Apache Tomcat.

2009-12-08 Thread Cyrille Le Clerc
\ -Dcom.sun.management.jmxremote.port=6969 \ -Dcom.sun.management.jmxremote.ssl=false \ -Dcom.sun.management.jmxremote.authenticate=false JMX listen port 6969 is configurable. All details at http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html Hope this helps, Cyrille -- Cyrille Le Clerc clecl

Re: Tomcat Https loadbalancing??

2009-11-25 Thread Cyrille Le Clerc
tocol, all the network device can speak it, I can troubleshoot it with telnet and curl, ... :-) Cyrille -- Cyrille Le Clerc clecl...@xebia.fr http://blog.xebia.fr On Wed, Nov 25, 2009 at 12:09 PM, David Cassidy wrote: > Cyrille, > > Nice if you've got that sort of money. > it is q

Re: Tomcat Https loadbalancing??

2009-11-25 Thread Cyrille Le Clerc
slation is quite good (2). My preference is to use a level 7 load balancer in front of Apache httpd servers with mod_proxy_http+mod_proxy_balancer and then Tomcat servers. Of course, this topology is not always the best one but is very often relevant. Hope this helps, Cyrille -- Cyrill

Re: Advise on configuring SSL

2009-11-25 Thread Cyrille Le Clerc
Httpd and Load Balancer layers. The document is written in French but the Google translation is quite good (3). Hope this helps, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr http://blog.xebia.fr (1) http://code.google.com/p/xebia-france/wiki/RemoteIpValve (2) http://blog.xebia.fr/2009/11/13/t

Re: Cannot set remote address in valve (Tomcat 5.5)

2009-10-21 Thread Cyrille Le Clerc
proxy-that-is-not-the-load-balancer" Does it make sense ? Cyrille -- Cyrille Le Clerc clecl...@xebia.fr cyri...@cyrilleleclerc.com http://blog.xebia.fr On Wed, Oct 21, 2009 at 6:57 AM, Elli Albek wrote: > > A question: How do you know that a proxy is trusted? Is it by providing a >

Re: Valves being converted to Filters?

2009-10-20 Thread Cyrille Le Clerc
aced with a Filter API. I feel interfaces (HttpServletRequest & HttpServletResponse) will be much more easy to manipulate than the current implementations (Request, Response). Hope this clarifies my message, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr cyri...@cyrilleleclerc.c

Re: Cannot set remote address in valve (Tomcat 5.5)

2009-10-11 Thread Cyrille Le Clerc
quirements as it is granted to "The original author or authors ..." but it can be changed with pleasure. Hope this helps, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr cyri...@cyrilleleclerc.com http://blog.xebia.fr On Sun, Sep 27, 2009 at 11:13 AM, Mark Thomas wrote: > >

Re: Cannot set remote address in valve (Tomcat 5.5)

2009-10-09 Thread Cyrille Le Clerc
one day, I will find time to blog about it with clear schemas ; it will be much more easy to understand than long sentences :-) Cyrille -- Cyrille Le Clerc clecl...@xebia.fr cyri...@cyrilleleclerc.com http://blog.xebia.fr - To

Re: Cannot set remote address in valve (Tomcat 5.5)

2009-10-09 Thread Cyrille Le Clerc
Hello Christopher, > > I am afraid there may be a flaw in the algorithm looking for the > > first IP of the comma delimited x-forwarded-for header without > > ensuring that this first IP has been set by a trusted proxy and not by > > the requester ( getFirstIP(xforwardedForHeaderValue) ). Su

Re: Cannot set remote address in valve (Tomcat 5.5)

2009-10-08 Thread Cyrille Le Clerc
and at the WAR level with a servlet filter : RemoteIpValve (4) and XForwardedFilter (5). In addition to handle X-Forwarded-For, they also integrate X-Forwarded-Proto (ssl). These java ports integrate the same trusted proxies concept to prevent spoofing. Cyrille -- Cyrille Le Clerc clecl...@xeb

Re: Cannot set remote address in valve (Tomcat 5.5)

2009-10-05 Thread Cyrille Le Clerc
RemoteIpValve (https://issues.apache.org/bugzilla/show_bug.cgi?id=47330) . Hope this helps, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr cyri...@cyrilleleclerc.com http://blog.xebia.fr On Mon, Oct 5, 2009 at 12:43 PM, Elli Albek wrote: > > - Original Message - > From: Christopher Schu

Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true

2009-06-23 Thread Cyrille Le Clerc
ubclassing org.springframework.security.securechannel.SecureChannelProcessor. We use the second on production today, I added the small piece of code at the end of this email for the people who would be interested. Cyrille -- Cyrille Le Clerc cyrille.lecl...@pobox.com clecl...@xebia.fr http://blog.xebia.fr pu

Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true

2009-06-22 Thread Cyrille Le Clerc
pache/catalina/connector/RemoteIpValve.java On Tue, Jun 23, 2009 at 12:40 AM, Mark Thomas wrote: > Cyrille Le Clerc wrote: >> Thanks very much for the time you spend on my problem Christopher. >> >> I use two connectors : one with secure=true and scheme=http ; another >> with s

Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true

2009-06-22 Thread Cyrille Le Clerc
Thanks very much for the time you spend on my problem Christopher. I use two connectors : one with secure=true and scheme=http ; another with secured=true, scheme=https. > What is the requirement that scheme=http? You can actually use a > (non-secure) HTTP connector and still set scheme=https. Do

Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true

2009-06-22 Thread Cyrille Le Clerc
Thanks for your response Christopher, > > Could we imagine an evolution of Tomcat to generate secure session > > cookies if "request.scheme == https" rather than on "request.secure == > > true" ? I would be very pleased to propose a patch. > > Do you have a reason to set request.secure=false wh

Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true

2009-06-22 Thread Cyrille Le Clerc
han "https". Due to this secure JSESSIONID cookie for non SSL http requests, clients like "Apache Http Client" won't retransmit the cookie for between requests. I hope my usecase is clearer. Cyrille On Sun, Jun 21, 2009 at 12:52 PM, Cyrille Le Clerc wrote: >

Secure jsessionid cookie : request.scheme==https versus request.secure == true

2009-06-21 Thread Cyrille Le Clerc
"secure" requests whose remoteAddr matches the 10.* block. Cyrille (1) See http://fisheye6.atlassian.com/browse/tomcat/trunk/java/org/apache/catalina/connector/Request.java?r=HEAD#l2367 (2) web browsers, Apache Commons Http client, etc -- Cyrille Le Clerc cyrille.lecl...@pobox.com clecl...@xebia