We are hosting our tomcats on windows vms behind a reverse proxy and have enabled RemoteIPValve. In the same time we have many hardware which talk to tomcat through a vpn. Recently we updated our tomcats to a more recent version (8.5.43 to 8.5.53) and our apps running on hardware through vpn had difficulties to talk to tomcat.
We identified that these difficulties came from very slow localname resolution in RemoteIpValve when calling through vpn. We added vpn IP to hosts file of our tomcat’s vms which resolved our errors. We found that these behaviour appeared with tomcat 8.5.44 and was a consequence of the new feature in RemoteIPValve and RemoteIpFilter : 'support x-forwarded-host’ id 57665. Since this feature the valve begins by resolving localname (along remoteAddr, remoteHost, serverName etc…) which in our case is time consuming (> 5 s) and leads to communication errors Is this behaviour expected and necessary ? Could localName be resolved only if changeLocalName is set to true ? Should I comment on bugzilla ? Ce message et toutes les pieces jointes (ci-apres le "message") sont etablis a l'intention exclusive de ses destinataires. Si vous recevez ce message par erreur, merci de le detruire et d'en avertir immediatement l'expediteur par e-mail. Toute utilisation de ce message non conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Les communications sur Internet n'etant pas securisees, l'expediteur informe qu'il ne peut accepter aucune responsabilite quant au contenu de ce message. This mail message and attachments (the "message") are solely intended for the addresses. It is confidential in nature. If you receive this message in error, please delete it and immediately notify the sender by e-mail. Any use other than its intended purpose, dissemination or disclosure, either whole or partial, is prohibited except if formal approval is granted. As communication on the Internet is not secure, the sender does not accept responsibility for the content of this message.
