Jim Barber wrote:
On 16/09/2013 4:46 PM, André Warnier wrote:
Apologies for top posting, just following the trend.
OPTIONS are used quite a bit by e.g. DAV clients.
Won't you want also to add an IP filter then, to be able to block
selectively only the requests from the proxies themselves ?
Cédric Couralet wrote:
Hi,
I'm also interested in a method to filter those OPTIONS.
With the same setup, I basically created my own AccessLogValve wich
does the filtering, something like :
/**
* Don't log request when HTTP Method is one of the exclude List
*/
@Override
public void log(Request request, Response response, long time) {
if
(Arrays.asList(exclude.split(",")).contains(request.getMethod())) {
return;
}
super.log(request, response, time);
}
But there must be something better.
2013/9/16 Jim Barber <jim.bar...@ddihealth.com>:
Hi all.
I'm hoping someone on this list can help me since I've been reading
docs,
mailing lists, FAQs, and so on for hours now, and I'm not having
much luck
finding an answer to my question.
I am using Tomcat version 7.0.42 as packaged in Debian Linux.
In front of my Tomcat servers, I am using haproxy for load balancing.
The haproxy load balancers are using the HTTP OPTIONS request method to
check
if the Tomcat servers are alive and healthy.
This results in log entries like the following in the Tomcat
accesslog file:
10.122.32.4 - - [16/Sep/2013:17:12:49 +1000] "OPTIONS / HTTP/1.0" 200 -
10.122.32.4 - - [16/Sep/2013:17:12:51 +1000] "OPTIONS / HTTP/1.0" 200 -
10.122.32.4 - - [16/Sep/2013:17:12:53 +1000] "OPTIONS / HTTP/1.0" 200 -
10.122.32.4 - - [16/Sep/2013:17:12:55 +1000] "OPTIONS / HTTP/1.0" 200 -
10.122.32.4 - - [16/Sep/2013:17:12:57 +1000] "OPTIONS / HTTP/1.0" 200 -
10.122.32.4 - - [16/Sep/2013:17:12:59 +1000] "OPTIONS / HTTP/1.0" 200 -
10.122.32.4 - - [16/Sep/2013:17:13:01 +1000] "OPTIONS / HTTP/1.0" 200 -
10.122.32.4 - - [16/Sep/2013:17:13:03 +1000] "OPTIONS / HTTP/1.0" 200 -
10.122.32.4 - - [16/Sep/2013:17:13:05 +1000] "OPTIONS / HTTP/1.0" 200 -
10.122.32.4 - - [16/Sep/2013:17:13:07 +1000] "OPTIONS / HTTP/1.0" 200 -
10.122.32.4 - - [16/Sep/2013:17:13:09 +1000] "OPTIONS / HTTP/1.0" 200 -
10.122.32.4 - - [16/Sep/2013:17:13:11 +1000] "OPTIONS / HTTP/1.0" 200 -
At the moment I'm getting one of these every 2seconds, but I haven't
enabled
the second load balancer for HA purposes yet.
When I do that, I'll be getting twice as many hits of this type.
This is going to result in rather large log files full of noise that
I'm not
interested in.
I've been trying to work out how to filter these out.
Basically I don't want to log anything that is using the HTTP OPTIONS
Request
Method, but still want to log anything else that Tomcat usually logs.
I have a feeling it will come down to modifying the following entry
in the
/etc/tomcat7/server.xml file:
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
Specifically adding the condition="<VALUE>" attribute, but I have no
idea
what to set
<VALUE> to.
The docs say that if ServletRequest.getAttribute(<VALUE>) returns
null for
the
attribute defined in condition, then the item will be logged.
Is there an ServletRequest attribute that is null when the http request
method
is not using "OPTIONS"?
Or am I completely off track and there is a different way to filter
these
access log messages?
Regards,
--
Jim Barber
Hi André.
I'm not sure I follow what you're saying.
I don't want an IP filter, since I need the HTTP OPTIONS check from the
load
balancers to reach the Tomcat servers and a response to come back, or
else the
load balancers will think the tomcat instance is unhealthy.
I just don't want that check to be logged at all.
Although there are other things that use the HTTP OPTIONS check, these load
balancers are only exposed to internal traffic requesting specific servlets
from the Tomcat servers, and so there won't be anything else of interest
using
the HTTP OPTIONS request methods to the Tomcat servers.
Hi Cédric.
What you posted is some Java code that needs to be compiled and then the
resulting class file put somewhere where Tomcat can find it right?
yes.
Is it only partial code where 'exclude' was some sort of pre-populated
comma separated string?
yes, it was only the basic idea.
Just checking as it doesn't look like anything that you can put direct
into a
Tomcat configuration file to me.
Or is it?
No.
There isn't any configuration option currently that I know of, which answers
your need.
So the solution would be indeed to either modify the AccessLogValve code (which is openly
available), or override it (as Cedric seems to have done).
The remark that I made about the filtering of the OPTIONS requests in the logs by origin
IP was generic, not specific to your case.
I do see a lot of such OPTIONS requests being logged also on servers which I manage,
coming from internal watchdog software processes. These are uninteresting for access log
purposes, and it would be nice to be able to filter them out.
On the other hand, and in general, there can also be OPTIONS requests coming from
legitimate clients, which need to be logged.
So I did not suggest to filter all requests via IP, only to selectively log according to
client IP. The IP filtering would only concern the logging, not the request processing.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
