Am 12.04.21 um 15:49 schrieb Bourdais Nicolas: > We are hosting our tomcats on windows vms behind a reverse proxy and have > enabled RemoteIPValve. > In the same time we have many hardware which talk to tomcat through a vpn. > Recently we updated our tomcats to a more recent version (8.5.43 to 8.5.53) > and our apps running on hardware through vpn had difficulties to talk to > tomcat. > > We identified that these difficulties came from very slow localname > resolution in RemoteIpValve when calling through vpn. > We added vpn IP to hosts file of our tomcat’s vms which resolved our errors. > > We found that these behaviour appeared with tomcat 8.5.44 and was a > consequence of the new feature in RemoteIPValve and RemoteIpFilter : 'support > x-forwarded-host’ id 57665. > Since this feature the valve begins by resolving localname (along remoteAddr, > remoteHost, serverName etc…) which in our case is time consuming (> 5 s) and > leads to communication errors > > Is this behaviour expected and necessary ? > Could localName be resolved only if changeLocalName is set to true ?
How is your connector configured? Has it an attribute enableLookups (set to true)? Felix > Should I comment on bugzilla ? > > > Ce message et toutes les pieces jointes (ci-apres le "message") sont etablis > a l'intention exclusive de ses destinataires. > Si vous recevez ce message par erreur, merci de le detruire et d'en avertir > immediatement l'expediteur par e-mail. > Toute utilisation de ce message non conforme a sa destination, toute > diffusion ou toute publication, totale ou partielle, est interdite, sauf > autorisation expresse. Les communications sur Internet n'etant pas > securisees, l'expediteur informe qu'il ne peut accepter aucune responsabilite > quant au contenu de ce message. > This mail message and attachments (the "message") are solely intended for the > addresses. It is confidential in nature. > If you receive this message in error, please delete it and immediately notify > the sender by e-mail. > Any use other than its intended purpose, dissemination or disclosure, either > whole or partial, is prohibited except if formal approval is granted. As > communication on the Internet is not secure, the sender does not accept > responsibility for the content of this message. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
OpenPGP_signature
Description: OpenPGP digital signature