RE: Tomcat 8 RemoteIpValve Issues

2016-08-01 Thread Kasa, Nubli 
Hi Chuck,

  I downloaded the following package: 
http://www-us.apache.org/dist/tomcat/tomcat-8/v8.0.36/bin/apache-tomcat-8.0.36.tar.gz

  Simply unpackaged it and started it with /bin/catalina.sh. Nothing was done 
except setting up localhost context and added the RemoteIpValve section in 
server.xml

  This is done on a fresh install Ubuntu 16.04 LTS. 

  It is working now since we added requestAttributesEnabled="true". I 
understand that this is supposed to be the default but it doesn't seem to be 
the case.

-Nubli



-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] 
Sent: Monday, August 1, 2016 2:23 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: RE: Tomcat 8 RemoteIpValve Issues

> From: Kasa, Nubli [mailto:mmohd...@iu.edu]
> Subject: RE: Tomcat 8 RemoteIpValve Issues

> This doesn't seem to be the case with a fresh new install on Tomcat 8 
> on Ubuntu. Our sysadmin also did a fresh install on Redhat with the same 
> result.

Install of what?  A real Tomcat from tomcat.apache.org, or a 3rd-party 
repackaged (and reconfigured) version?  For the latter, you may need to consult 
with the 3rd party, since they've been known to change the defaults somewhat 
arbitrarily.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 8 RemoteIpValve Issues

2016-08-01 Thread Caldarale, Charles R 
> From: Kasa, Nubli [mailto:mmohd...@iu.edu] 
> Subject: RE: Tomcat 8 RemoteIpValve Issues

> This doesn't seem to be the case with a fresh new install on Tomcat 8 on 
> Ubuntu. Our sysadmin 
> also did a fresh install on Redhat with the same result.

Install of what?  A real Tomcat from tomcat.apache.org, or a 3rd-party 
repackaged (and reconfigured) version?  For the latter, you may need to consult 
with the 3rd party, since they've been known to change the defaults somewhat 
arbitrarily.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 8 RemoteIpValve Issues

2016-08-01 Thread Kasa, Nubli 
Chris,

  This doesn't seem to be the case with a fresh new install on Tomcat 8 on 
Ubuntu. Our sysadmin also did a fresh install on Redhat with the same result.

-Nubli

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Sunday, July 31, 2016 8:43 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat 8 RemoteIpValve Issues

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Nubli,

On 7/28/16 3:30 PM, Kasa, Nubli wrote:
> It seems that requestAttributesEnabled="true" is required in order to 
> make the valve work.

Note that requestAttributesEnabled="true" is the default. Did you change that 
default?

- -chris

> -Original Message- From: abhij...@apple.com 
> [mailto:abhij...@apple.com] On Behalf Of Abhijit Das Sent:
> Thursday, July 28, 2016 12:37 PM To: Tomcat Users List 
> <users@tomcat.apache.org> Subject: Re: Tomcat 8 RemoteIpValve Issues
> 
> This is how it works for me in Tomcat 8.x (I have hashed out some 
> internal values) (some of my pattern may be redundant)
> 
> 1.2.3.4 will be your LB IP, the IP that is used to talk to the server. 
> typically the MIP or the SNIP.
> 
>  internalProxies="1\.2\.3\.4" trustedProxies="1\.2\.3\.4" 
> remoteIpHeader="X-Forwarded-For" proxiesHeader="x-forwarded-by" 
> requestAttributesEnabled="true"/>
> 
>  directory="/var/xxx/yyy/zzz/logs" prefix=“application_access" 
> suffix=".log" pattern="%t %h %{X-AUSERNAME}o %{Referer}i %l %S 
> %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
> requestAttributesEnabled="true" resolveHosts="false"/>
> 
> And, this is my access log :
> 
> [28/Jul/2016:09:33:57 -0700]- 
>  Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)
> AppleWebKit/601.6.16 (KHTML, like Gecko) Version/9.1.1
> Safari/601.6.16  200 POST  HTTP/1.1   instance IP>  443 181 http-nio-8443-exec-13
> 9
> 
> On Jul 28, 2016, at 9:23 AM, Kasa, Nubli <mmohd...@iu.edu> wrote:
> 
> Hi,
> 
> We have been using RemoteIpValve in Tomcat 7 but it stopped working 
> for us in Tomcat 8. Our load balancer will set a header named 
> "X-Cluster-Client-Ip" with the client's IP as its value. We expect the 
> client's IP value would be overwritten as the "remoteAddr" but it is 
> not. It is working for us currently on Tomcat 7 but not on the server 
> with Tomcat 8.
> 
> I even created a fresh VM and install fresh apache-tomcat-8.0.36 on 
> Ubuntu and added the following settings as a test:
> 
>  . . .
> 
>  autoDeploy="true">
> 
>  
> 
> 
>  internalProxies="\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\" 
> remoteIpHeader="X-Cluster-Client-Ip" />
> 
> 
>   className="org.apache.catalina.valves.AccessLogValve"
> directory="logs" prefix="localhost_access_log" suffix=".txt" 
> pattern="%h %{X-Cluster-Client-Ip}i %a %A %l %H %u %t %r 
> %s %b" />
> 
>  
> 
> I then use a browser plugin to set X-Cluster-Client-Ip header with 
> value "156.56.0.1" and GET the page /Home/Status on the same machine 
> that is hosting Tomcat. I got the following results from
> AccessLogValve:
> 
> 192.168.56.10 156.56.0.1 192.168.56.10 127.0.1.1 - HTTP/1.1 -
> [27/Jul/2016:16:59:11 -0400] "GET /Home/Status HTTP/1.1" 200 12274
> 
> %h is still showing my browser IP - 192.168.56.10 
> %{X-Cluster-Client-Ip}i correctly picks up the header value -
> 156.56.0.1 %a picks up my browser "Remote IP address" -
> 192.168.56.10 %A just picks up local IP - 127.0.1.1
> 
> I have other people verified this issue and we can't seem to figure 
> out if we are missing a configuration or if there is a bigger problem. 
> We would appreciate any aid you can give us.
> 
> Thank you, Nubli
> 
> 
> 
> 
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAled8lkACgkQ9CaO5/Lv0PC2BgCgpUKmD7kMQS2FyKI2YOBCboG1
aTkAoIV6pvffdipdhjI9p0q1EiCUeTMN
=BfdC
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8 RemoteIpValve Issues

2016-07-31 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Nubli,

On 7/28/16 3:30 PM, Kasa, Nubli wrote:
> It seems that requestAttributesEnabled="true" is required in order
> to make the valve work.

Note that requestAttributesEnabled="true" is the default. Did you
change that default?

- -chris

> -Original Message- From: abhij...@apple.com
> [mailto:abhij...@apple.com] On Behalf Of Abhijit Das Sent:
> Thursday, July 28, 2016 12:37 PM To: Tomcat Users List
> <users@tomcat.apache.org> Subject: Re: Tomcat 8 RemoteIpValve
> Issues
> 
> This is how it works for me in Tomcat 8.x (I have hashed out some
> internal values) (some of my pattern may be redundant)
> 
> 1.2.3.4 will be your LB IP, the IP that is used to talk to the
> server. typically the MIP or the SNIP.
> 
>  internalProxies="1\.2\.3\.4" trustedProxies="1\.2\.3\.4" 
> remoteIpHeader="X-Forwarded-For" proxiesHeader="x-forwarded-by" 
> requestAttributesEnabled="true"/>
> 
>  directory="/var/xxx/yyy/zzz/logs" prefix=“application_access" 
> suffix=".log" pattern="%t %h %{X-AUSERNAME}o %{Referer}i %l %S
> %{User-Agent}i %U %s %r %q %A %v %p %b %I %D" 
> requestAttributesEnabled="true" resolveHosts="false"/>
> 
> And, this is my access log :
> 
> [28/Jul/2016:09:33:57 -0700]-
>  Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)
> AppleWebKit/601.6.16 (KHTML, like Gecko) Version/9.1.1
> Safari/601.6.16  200 POST  HTTP/1.1   instance IP>  443 181 http-nio-8443-exec-13
> 9
> 
> On Jul 28, 2016, at 9:23 AM, Kasa, Nubli <mmohd...@iu.edu> wrote:
> 
> Hi,
> 
> We have been using RemoteIpValve in Tomcat 7 but it stopped working
> for us in Tomcat 8. Our load balancer will set a header named
> "X-Cluster-Client-Ip" with the client's IP as its value. We expect
> the client's IP value would be overwritten as the "remoteAddr" but
> it is not. It is working for us currently on Tomcat 7 but not on
> the server with Tomcat 8.
> 
> I even created a fresh VM and install fresh apache-tomcat-8.0.36 on
> Ubuntu and added the following settings as a test:
> 
>  . . .
> 
>  autoDeploy="true">
> 
>  
> 
> 
>  internalProxies="\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\" 
> remoteIpHeader="X-Cluster-Client-Ip" />
> 
> 
>   className="org.apache.catalina.valves.AccessLogValve"
> directory="logs" prefix="localhost_access_log" suffix=".txt" 
> pattern="%h %{X-Cluster-Client-Ip}i %a %A %l %H %u %t
> %r %s %b" />
> 
>  
> 
> I then use a browser plugin to set X-Cluster-Client-Ip header with
> value "156.56.0.1" and GET the page /Home/Status on the same
> machine that is hosting Tomcat. I got the following results from
> AccessLogValve:
> 
> 192.168.56.10 156.56.0.1 192.168.56.10 127.0.1.1 - HTTP/1.1 -
> [27/Jul/2016:16:59:11 -0400] "GET /Home/Status HTTP/1.1" 200 12274
> 
> %h is still showing my browser IP - 192.168.56.10
> %{X-Cluster-Client-Ip}i correctly picks up the header value -
> 156.56.0.1 %a picks up my browser "Remote IP address" -
> 192.168.56.10 %A just picks up local IP - 127.0.1.1
> 
> I have other people verified this issue and we can't seem to figure
> out if we are missing a configuration or if there is a bigger
> problem. We would appreciate any aid you can give us.
> 
> Thank you, Nubli
> 
> 
> 
> 
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAled8lkACgkQ9CaO5/Lv0PC2BgCgpUKmD7kMQS2FyKI2YOBCboG1
aTkAoIV6pvffdipdhjI9p0q1EiCUeTMN
=BfdC
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 8 RemoteIpValve Issues

2016-07-28 Thread Kasa, Nubli 
Abhijit,

  Thank you for your prompt reply. It seems that 
requestAttributesEnabled="true" is required in order to make the valve work. 
Thanks again for your help!

-Nubli

-Original Message-
From: abhij...@apple.com [mailto:abhij...@apple.com] On Behalf Of Abhijit Das
Sent: Thursday, July 28, 2016 12:37 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat 8 RemoteIpValve Issues

This is how it works for me in Tomcat 8.x (I have hashed out some internal 
values) (some of my pattern may be redundant)

1.2.3.4 will be your LB IP, the IP that is used to talk to the server. 
typically the MIP or the SNIP.





And, this is my access log :

[28/Jul/2016:09:33:57 -0700]-  
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/601.6.16 (KHTML, 
like Gecko) Version/9.1.1 Safari/601.6.16  200 POST  HTTP/1.1 
   443 181 http-nio-8443-exec-13 9

On Jul 28, 2016, at 9:23 AM, Kasa, Nubli <mmohd...@iu.edu> wrote:

Hi,

We have been using RemoteIpValve in Tomcat 7 but it stopped working for us in 
Tomcat 8. Our load balancer will set a header named "X-Cluster-Client-Ip" with 
the client's IP as its value. We expect the client's IP value would be 
overwritten as the "remoteAddr" but it is not. It is working for us currently 
on Tomcat 7 but not on the server with Tomcat 8.

I even created a fresh VM and install fresh apache-tomcat-8.0.36 on Ubuntu and 
added the following settings as a test:


.
.
.



   
   


   


   
   

 


I then use a browser plugin to set X-Cluster-Client-Ip header with value 
"156.56.0.1" and GET the page /Home/Status on the same machine that is hosting 
Tomcat. I got the following results from AccessLogValve:

192.168.56.10 156.56.0.1 192.168.56.10 127.0.1.1 - HTTP/1.1 - 
[27/Jul/2016:16:59:11 -0400] "GET /Home/Status HTTP/1.1" 200 12274

%h is still showing my browser IP - 192.168.56.10 %{X-Cluster-Client-Ip}i 
correctly picks up the header value - 156.56.0.1 %a picks up my browser "Remote 
IP address" - 192.168.56.10 %A just picks up local IP - 127.0.1.1

I have other people verified this issue and we can't seem to figure out if we 
are missing a configuration or if there is a bigger problem. We would 
appreciate any aid you can give us.

Thank you,
Nubli

Re: Tomcat 8 RemoteIpValve Issues

2016-07-28 Thread Abhijit Das 
This is how it works for me in Tomcat 8.x (I have hashed out some internal 
values) (some of my pattern may be redundant)

1.2.3.4 will be your LB IP, the IP that is used to talk to the server. 
typically the MIP or the SNIP.





And, this is my access log :

[28/Jul/2016:09:33:57 -0700]-  
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/601.6.16 (KHTML, 
like Gecko) Version/9.1.1 Safari/601.6.16  200 POST  HTTP/1.1 
   443 181 http-nio-8443-exec-13 9

On Jul 28, 2016, at 9:23 AM, Kasa, Nubli  wrote:

Hi,

We have been using RemoteIpValve in Tomcat 7 but it stopped working for us in 
Tomcat 8. Our load balancer will set a header named "X-Cluster-Client-Ip" with 
the client's IP as its value. We expect the client's IP value would be 
overwritten as the "remoteAddr" but it is not. It is working for us currently 
on Tomcat 7 but not on the server with Tomcat 8.

I even created a fresh VM and install fresh apache-tomcat-8.0.36 on Ubuntu and 
added the following settings as a test:


.
.
.



   
   


   


   
   

 


I then use a browser plugin to set X-Cluster-Client-Ip header with value 
"156.56.0.1" and GET the page /Home/Status on the same machine that is hosting 
Tomcat. I got the following results from AccessLogValve:

192.168.56.10 156.56.0.1 192.168.56.10 127.0.1.1 - HTTP/1.1 - 
[27/Jul/2016:16:59:11 -0400] "GET /Home/Status HTTP/1.1" 200 12274

%h is still showing my browser IP - 192.168.56.10
%{X-Cluster-Client-Ip}i correctly picks up the header value - 156.56.0.1
%a picks up my browser "Remote IP address" - 192.168.56.10
%A just picks up local IP - 127.0.1.1

I have other people verified this issue and we can't seem to figure out if we 
are missing a configuration or if there is a bigger problem. We would 
appreciate any aid you can give us.

Thank you,
Nubli