As a P.S. :
Maybe you should also look at this, to see if it would fit your needs :
http://tomcat.apache.org/tomcat-8.0-doc/proxy-howto.html
André Warnier wrote:
Paul Klinkenberg wrote:
Hi Tomcat users!
I have been working on an update for a Tomcat valve called mod_cfml.
The project aims to provide automatic web context creation in Tomcat,
when coming from a frontend webserver.
The live code base can be found at https://github.com/utdream/mod_cfml
<https://github.com/utdream/mod_cfml>
One of the features I wanted to add, is adding an IP restriction in
the valve (see github
<https://github.com/paulklinkenberg/mod_cfml/commit/dab058b7f38f98a6e7f076323e3d23be476e6de6>).
While testing, I noticed that AJP works very well: it hides the IP
address of the caller, which is the front-end Apache webserver, and
instead returns the IP of the remote client / the client who called
the frontend webserver.
I have been digging around quite a lot, but have not been able to find
the Apache httpd IP address :-(
My question is hopefully simple to answer: can I retrieve the IP
address which called the AJP connector, from within the valve?
My server.xml is:
<Server port="8005" shutdown="SHUTDOWN">
<Listener
className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Listener
className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
/>
<Listener
className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true">
<Valve
className="mod_cfml.core"
loggingEnabled="true"
waitForContext="10"
maxContexts="9999"
timeBetweenContexts="0"
scanClassPaths="false"
allowedIPs="127.0.0.1,192.168.1.52" />
</Host>
</Engine>
</Service>
</Server>
Thanks in advance for your time!
Kind regards,
Paul Klinkenberg
The Netherlands
p.s. I asked this question, in other wording, on SackOverflow.com
<http://sackoverflow.com/> as well. I hope I have better luck here ;-)
http://stackoverflow.com/questions/29858030/where-can-i-find-the-apache-httpd-server-ip-from-within-a-tomcat-valve-when-ajp
<http://stackoverflow.com/questions/29858030/where-can-i-find-the-apache-httpd-server-ip-from-within-a-tomcat-valve-when-ajp>
Hi.
With Apache httpd and mod_jk as front-end, you have (at least) 2 options :
- set an additional HTTP request header at the Apache httpd level,
before the request is proxied to the back-end Tomcat
- set a "JkEnvVar" value at the at the Apache httpd level, before the
request is proxied to Tomcat
You can then retrieve these set values at the Tomcat level, either by
parsing the request headers, or by retrieving a "request attribute"
corresponding to the JkEnvVar.
The JkEnvVar/attribute method is probably more efficient in a mod_jk
context; the HTTP header solution is more portable, since it does not
depend on specifically mod_jk being used as a connector.
Presumably, when at the Apache httpd level you decide to proxy a request
to a back-end Tomcat, you know through which interface you'll do it, and
what its IP address is, and you can put it into one of the things above.
Is that enough info to get you started ?
Caveat : one part I am not quite sure of, is what things you do have
easy access to, at the level of a Valve. The above is what you'd do at
a webapp level, I hope it is also accessible at your Valve level.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org