Re: RemoteAddrValve | IP Subnet

2018-11-01 Thread Christopher Schultz
André, On 11/1/18 09:23, André Warnier (tomcat) wrote: > On 01.11.2018 13:34, Mark Thomas wrote: >> On 01/11/2018 12:23, André Warnier (tomcat) wrote: >>> On 01.11.2018 12:35, Madhur Khurana wrote: Hi, I am using tomcat8 and would li

Re: RemoteAddrValve | IP Subnet

2018-11-01 Thread tomcat
On 01.11.2018 13:34, Mark Thomas wrote: On 01/11/2018 12:23, André Warnier (tomcat) wrote: On 01.11.2018 12:35, Madhur Khurana wrote: Hi, I am using tomcat8 and would like to configure ip address with subnet in RemoteAddrValve for IP whitelisting (Example: 0.0.0.0/0). Can anyone help in how to

Re: RemoteAddrValve | IP Subnet

2018-11-01 Thread Mark Thomas
On 01/11/2018 12:23, André Warnier (tomcat) wrote: > On 01.11.2018 12:35, Madhur Khurana wrote: >> Hi, >> >> I am using tomcat8 and would like to configure ip address with subnet >> in RemoteAddrValve for IP whitelisting (Example: 0.0.0.0/0). Can >> anyone help in how to configure subnet in allow f

Re: RemoteAddrValve | IP Subnet

2018-11-01 Thread tomcat
On 01.11.2018 12:35, Madhur Khurana wrote: Hi, I am using tomcat8 and would like to configure ip address with subnet in RemoteAddrValve for IP whitelisting (Example: 0.0.0.0/0). Can anyone help in how to configure subnet in allow field. The page at http://tomcat.apache.org/tomcat-8.5-doc/co

Re: RemoteAddrValve block ip-ranges

2012-03-08 Thread Christopher Schultz
Thomas, On 3/8/12 4:47 AM, Thomas Scheer wrote: > Is there a way to block whole countries (e.g. Sudan) by ip-ranges > and/or CIDR data? (in regex it would be a mess of data) My spidey sense is tingling. I swear we discussed this. Aah, here it is: ht

Re: RemoteAddrValve block ip-ranges

2012-03-08 Thread André Warnier
Thomas Scheer wrote: Hi, Is there a way to block whole countries (e.g. Sudan) by ip-ranges and/or CIDR data? (in regex it would be a mess of data) In CIDR Format: # Country: SUDAN # ISO Code: SD # Total Networks: 19 # Total Subnets: 283,904 41.67.0.0/18 41.78.108.0/22 41.79.24.0/22 41.79.120.0/

Re: RemoteAddrValve syntax

2009-04-05 Thread Jonathan Mast
I looked at the javadocs for the RemoteAddrValve and they provided no further clarity on the syntax issue. You're right, my test case mistakenly returned a false positive, ".*" could match anything it's true and there is no "common sense" wildcard in the Java Regex package. I looked at the javadoc

Re: RemoteAddrValve syntax

2009-04-05 Thread André Warnier
André Warnier wrote: [...] To match any address starting with "192.168.", use or (if you want to be really finicky about it) What is not very clear in the on-line Tomcat documentation, is whether a remote client address of 192.168.1.2 would be translated to the string "192.168.1.2" by Tomca

RE: RemoteAddrValve syntax

2009-04-05 Thread Caldarale, Charles R
> From: Jonathan Mast [mailto:jhmast.develo...@gmail.com] > Subject: RemoteAddrValve syntax > > The Tomcat docs says it uses the java.util.regex package But you apparently didn't read the doc for java.util.regex, which is not anything like the wildcards you tried to use: http://java.sun.com/j2se

Re: RemoteAddrValve syntax

2009-04-05 Thread André Warnier
Jonathan Mast wrote: How do I specify wildcards in the RemoteAddrValue declaration? The Tomcat docs says it uses the java.util.regex package, so i wrote a test case like this: String patternStr = "192.168.*.*"; String searchStr = "192.168.1.2"; Pattern p = Pattern.compi

Re: RemoteAddrValve and RemoteHostValve

2009-03-06 Thread Christopher Schultz
Ed, On 3/5/2009 12:02 PM, Edward Song wrote: > Regardless, I recently wrote a java filter to filter IP's at the application > level, which replicates the valve functionality. > http://j2eewebprogrammer.blogspot.com/2008/12/filtering-ip-traffic-using-j

Re: RemoteAddrValve and RemoteHostValve

2009-03-05 Thread Edward Song
I'm always a few days behind the thread, but wanted to share. If I had only known that I can configure the Valve at the Context level (from Chuck's prior email). Regardless, I recently wrote a java filter to filter IP's at the application level, which replicates the valve functionality. http://j2

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Christopher Schultz
Zak, On 2/27/2009 9:28 PM, Zak Mc Kracken wrote: > I'd like to filter incoming requests with this criterion: > > if it's www.somewhere.com -> OK > else if it's 1.2.3.4 -> OK > else -> KO You could always use our favorite urlrewrite tool: http://tuck

RE: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Caldarale, Charles R
> From: Gregor Schneider [mailto:rc4...@googlemail.com] > Subject: Re: RemoteAddrValve and RemoteHostValve > > I understood that there was one open issue that Zac > needed to combine a hostname and IP-address Early in the thread, someone pointed out that there's never any nee

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Gregor Schneider
Hi Chuck, On Mon, Mar 2, 2009 at 3:07 PM, Caldarale, Charles R wrote: > Since a working setup was already provided, why not just use that? > Ehem - was it? I understood that there was one open issue that Zac needed to combine a hostname and IP-address - which was not possible since both RemoteAdr

RE: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Caldarale, Charles R
> From: Gregor Schneider [mailto:rc4...@googlemail.com] > Subject: Re: RemoteAddrValve and RemoteHostValve > > Have you ever thought about fronting Tomcat with Apache HTTPD, then > connecting it via mod_jk? Are you serious? You want to add complexity and overhead just to control

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Zak Mc Kracken
Thanks Gregor, that's very interesting for production environments. I'll try it. Cheers. M. Gregor Schneider wrote: On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken wrote: Gregor Schneider wrote: you've been asking the valve-stuff because you want to limit the access to requests coming fro

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Gregor Schneider
On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken wrote: > Gregor Schneider wrote: >> >> you've been asking the valve-stuff because you want to limit the >> access to requests coming from localhost only? > > Yep! > >> why then not make tomcat listen on localhost only? configuration for >> that's a w

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Zak Mc Kracken
Gregor Schneider wrote: you've been asking the valve-stuff because you want to limit the access to requests coming from localhost only? Yep! why then not make tomcat listen on localhost only? configuration for that's a walk in the park... My Tomcat is serving a number of webapps, I want t

Re: RemoteAddrValve and RemoteHostValve

2009-03-01 Thread Gregor Schneider
On Sun, Mar 1, 2009 at 6:05 PM, Zak Mc Kracken wrote: > > Yes, but localhost-only is simpler in my case. > ehem, still not sure if i got you right: you've been asking the valve-stuff because you want to limit the access to requests coming from localhost only? why then not make tomcat listen on lo

Re: RemoteAddrValve and RemoteHostValve

2009-03-01 Thread Zak Mc Kracken
Gregor wrote: marc, do i understand you correct that you only want to accept requests from "localhost"? I have a Java web application that computes some data from an existing Java-based infrastructure and output it as simple plain text. The output is intended to be consumed by other PHP app

Re: RemoteAddrValve and RemoteHostValve

2009-03-01 Thread Zak Mc Kracken
Thanks again. André Warnier wrote: It would in my view make a lot more sense to have a single Remote Access Valve to which one could specify, in "allow" or "deny", a hostname AND/OR an IP address expression. Like deny=".*\.badguys.com,10\.20\.30\.0" /> That's how it works in Apache httpd, and

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Gregor
marc, do i understand you correct that you only want to accept requests from "localhost"? next: wouldn't authorization solve your problem? rgds gregor On 28.02.2009 at 19:14, Zak Mc Kracken wrote: Thank you all for replies and detailed explanation. Now I understand what's happening. My

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread André Warnier
Zak Mc Kracken wrote: ..., although it seems to imply that RemoteHostValve should be avoided (isn't DNS reverse lookup cached?) Well, I suppose it probably is, at some level. At the level of the Remote Host Valve possibly, if the designers thought about it, or else at some underlying level.

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Zak Mc Kracken
Thank you all for replies and detailed explanation. Now I understand what's happening. My specific problem is to restrict a single web application to clients coming from localhost only. This was not working (everything blocked): I am using a Mac and, after your replies, I tried to see wh

RE: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Caldarale, Charles R
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: RemoteAddrValve and RemoteHostValve > > What I'm getting at, is that if you want to accept requests from > "www.somewhere.com" It's not clear to me whether the OP wants to check the origin or the de

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread André Warnier
Zak Mc Kracken wrote: [...] Let's try this another way. You want to allow requests from either www.somewhere.com, or one or more IP addresses, and block all the rest. First, filtering requests on the base of a DNS hostname is "expensive" : it forces Tomcat to do a reverse DNS lookup. That

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Zak Mc Kracken
Gregor Schneider wrote: What in the documentation (http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html) is the part you don't understand? Thanks for replying. Maybe it's me, but what I gather from the documentation is that it's not possible to combine the two filters as I want, i.e.: tell

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Gregor Schneider
What in the documentation (http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html) is the part you don't understand? Rgds Gregor -- just because you're paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.d

Re: RemoteAddrValve and RemoteHostValve

2009-02-27 Thread Robert Koberg
On Feb 27, 2009, at 9:28 PM, Zak Mc Kracken wrote: Hi all, I'd like to filter incoming requests with this criterion: if it's www.somewhere.com -> OK else if it's 1.2.3.4 -> OK else -> KO Is it possible to do that by combining RemoteHostValve and RemoteAddrValve? How? I simply tried to write

Re: RemoteAddrValve for a specific URL pattern

2008-09-26 Thread André Warnier
Christopher Schultz wrote: [...] I see that tuckey's urlrewrite library can probably do this for me (redirect somewhere else if the address doesn't match), but it seems a bit overkill. I recommend though. The setup is very easy and flexible, and the author claims it is very light-weight. I ha

Re: RemoteAddrValve Blocking all addresses

2008-03-19 Thread Mark Leone
Found the problem. The docBase path was wrong. The "server" node in the file tree was a hangover from Tomcat 5. Mark Leone wrote: Is RemoteAddrValve broken in 6.0.16? I have the following in "manager.xml", located at %catalina_home%\Conf\Catalina\Localhost. privileged="true" antiReso

RE: RemoteAddrValve

2007-11-28 Thread Propes, Barry L
no you're not dude! You've helped me a lot! I've told you so before! -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 4:11 PM To: Tomcat Users List Subject: Re: RemoteAddrValve

RE: RemoteAddrValve

2007-11-28 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:[EMAIL PROTECTED] > Subject: Re: RemoteAddrValve > > I'm an idiot. End of the month - time to reboot :-) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended

Re: RemoteAddrValve

2007-11-28 Thread Christopher Schultz
Chuck, Caldarale, Charles R wrote: >> From: Christopher Schultz [mailto:[EMAIL PROTECTED] >> Subject: Re: RemoteAddrValve >> >> Propes, Barry L wrote: >>> probably that path attribute is wrong, correct? Not nee

RE: RemoteAddrValve

2007-11-28 Thread Propes, Barry L
oh so I did recall correctly! ; ) Thought I'd seen Chuck punch that through a time or two. : ) -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 11:48 AM To: Tomcat Users List Subject: RE: RemoteAddrValve > From: Chr

RE: RemoteAddrValve

2007-11-28 Thread Caldarale, Charles R
> From: Niki Diulgerov [mailto:[EMAIL PROTECTED] > Subject: Re: RemoteAddrValve > > if I remove the allow="192.9.202.231"/> It's className, not classname. Case matters. - Chuck

Re: RemoteAddrValve

2007-11-28 Thread Niki Diulgerov
Diulgerov Network Administrator E-mail: [EMAIL PROTECTED] Telephone : +33 4 89 87 77 77 Fax : +33 4 89 87 77 00 Web: http://www.codix-france.com Caldarale, Charles R wrote: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: RemoteAddrValve Propes, Barry L wrote: prob

RE: RemoteAddrValve

2007-11-28 Thread Caldarale, Charles R
> From: Propes, Barry L [mailto:[EMAIL PROTECTED] > Subject: RE: RemoteAddrValve > > hmmm...ok...what is the one that is forgone in that version? > The docBase? No, you were correct about the path attribute, and Chris was mistaken. The docBase attribute is required since

Re: RemoteAddrValve

2007-11-28 Thread Niki Diulgerov
I removed the path= attribute looked at the manager.xml file with vi and with the text editor which midnight commander uses no strange characters and if I remove the http://www.codix-france.com Caldarale, Charles R wrote: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re

RE: RemoteAddrValve

2007-11-28 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:[EMAIL PROTECTED] > Subject: Re: RemoteAddrValve > > Propes, Barry L wrote: > > probably that path attribute is wrong, correct? Not needed on 5x? > > Yes, it's necessary, since the OP isn't dropping a WAR anywhere, but >

RE: RemoteAddrValve

2007-11-28 Thread Propes, Barry L
hmmm...ok...what is the one that is forgone in that version? The docBase? -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 11:36 AM To: Tomcat Users List Subject: Re: RemoteAddrValve

Re: RemoteAddrValve

2007-11-28 Thread Christopher Schultz
Barry, Propes, Barry L wrote: > probably that path attribute is wrong, correct? Not needed on 5x? Yes, it's necessary, since the OP isn't dropping a WAR anywhere, but installing a context.xml file. -chris

Re: RemoteAddrValve

2007-11-28 Thread Niki Diulgerov
Probably wrong? but I saw almost the same example here http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html so can't understand what's wrong ...I'm using completely fresh installation of 5.5.25 without any changes except these mentioned here Best regards, Nikolay Diulgerov Network Adminis

RE: RemoteAddrValve

2007-11-28 Thread Propes, Barry L
probably that path attribute is wrong, correct? Not needed on 5x? -Original Message- From: Niki Diulgerov [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 10:57 AM To: Tomcat Users List Subject: RemoteAddrValve Hello there, Using tomcat 5.5.25 + jdk1.5.0_13 By default /tomcat