Re: RemoteAddrValve and RemoteHostValve

2009-03-06 Thread Christopher Schultz
Ed, On 3/5/2009 12:02 PM, Edward Song wrote: > Regardless, I recently wrote a Java filter to filter IPs at the application > level, which replicates the valve functionality. > http://j2eewebprogrammer.blogspot.com/2008/12/filtering-ip-traffic-using-j

Re: RemoteAddrValve and RemoteHostValve

2009-03-05 Thread Edward Song
I'm always a few days behind the thread, but wanted to share. If I had only known that I can configure the Valve at the Context level (from Chuck's prior email). Regardless, I recently wrote a Java filter to filter IPs at the application level, which replicates the valve functionality. http://j2

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Christopher Schultz
Zak, On 2/27/2009 9:28 PM, Zak Mc Kracken wrote: > I'd like to filter incoming requests with this criterion: > > if it's www.somewhere.com -> OK > else if it's 1.2.3.4 -> OK > else -> KO You could always use our favorite urlrewrite tool: http://tuck

RE: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Caldarale, Charles R
> From: Gregor Schneider [mailto:rc4...@googlemail.com] > Subject: Re: RemoteAddrValve and RemoteHostValve > > I understood that there was one open issue that Zak > needed to combine a hostname and IP address Early in the thread, someone pointed out that there's never any nee

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Gregor Schneider
Hi Chuck, On Mon, Mar 2, 2009 at 3:07 PM, Caldarale, Charles R wrote: > Since a working setup was already provided, why not just use that? > Ehem - was it? I understood that there was one open issue that Zak needed to combine a hostname and IP address - which was not possible since both RemoteAdr

RE: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Caldarale, Charles R
> From: Gregor Schneider [mailto:rc4...@googlemail.com] > Subject: Re: RemoteAddrValve and RemoteHostValve > > Have you ever thought about fronting Tomcat with Apache HTTPD, then > connecting it via mod_jk? Are you serious? You want to add complexity and overhead just to control

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Zak Mc Kracken
Thanks Gregor, that's very interesting for production environments. I'll try it. Cheers. M. Gregor Schneider wrote: On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken wrote: Gregor Schneider wrote: you've been asking the valve-stuff because you want to limit the access to requests coming fro

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Gregor Schneider
On Mon, Mar 2, 2009 at 11:25 AM, Zak Mc Kracken wrote: > Gregor Schneider wrote: >> >> you've been asking the valve-stuff because you want to limit the >> access to requests coming from localhost only? > > Yep! > >> why then not make tomcat listen on localhost only? configuration for >> that's a w

Re: RemoteAddrValve and RemoteHostValve

2009-03-02 Thread Zak Mc Kracken
Gregor Schneider wrote: you've been asking the valve-stuff because you want to limit the access to requests coming from localhost only? Yep! why then not make tomcat listen on localhost only? configuration for that's a walk in the park... My Tomcat is serving a number of webapps, I want t

Re: RemoteAddrValve and RemoteHostValve

2009-03-01 Thread Gregor Schneider
On Sun, Mar 1, 2009 at 6:05 PM, Zak Mc Kracken wrote: > > Yes, but localhost-only is simpler in my case. > ehem, still not sure if i got you right: you've been asking the valve-stuff because you want to limit the access to requests coming from localhost only? why then not make tomcat listen on lo

Re: RemoteAddrValve and RemoteHostValve

2009-03-01 Thread Zak Mc Kracken
Gregor wrote: Marc, do I understand you correctly that you only want to accept requests from "localhost"? I have a Java web application that computes some data from an existing Java-based infrastructure and outputs it as simple plain text. The output is intended to be consumed by other PHP app

Re: RemoteAddrValve and RemoteHostValve

2009-03-01 Thread Zak Mc Kracken
Thanks again. André Warnier wrote: It would in my view make a lot more sense to have a single Remote Access Valve to which one could specify, in "allow" or "deny", a hostname AND/OR an IP address expression. Like deny=".*\.badguys.com,10\.20\.30\.0" /> That's how it works in Apache httpd, and

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Gregor
Marc, do I understand you correctly that you only want to accept requests from "localhost"? Next: wouldn't authorization solve your problem? Rgds Gregor On 28.02.2009 at 19:14, Zak Mc Kracken wrote: Thank you all for replies and detailed explanation. Now I understand what's happening. My

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread André Warnier
Zak Mc Kracken wrote: ..., although it seems to imply that RemoteHostValve should be avoided (isn't DNS reverse lookup cached?) Well, I suppose it probably is, at some level. At the level of the Remote Host Valve possibly, if the designers thought about it, or else at some underlying level.

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Zak Mc Kracken
Thank you all for replies and detailed explanation. Now I understand what's happening. My specific problem is to restrict a single web application to clients coming from localhost only. This was not working (everything blocked): I am using a Mac and, after your replies, I tried to see wh

RE: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Caldarale, Charles R
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: RemoteAddrValve and RemoteHostValve > > What I'm getting at, is that if you want to accept requests from > "www.somewhere.com" It's not clear to me whether the OP wants to check the origin or the de

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread André Warnier
Zak Mc Kracken wrote: [...] Let's try this another way. You want to allow requests from either www.somewhere.com, or one or more IP addresses, and block all the rest. First, filtering requests on the basis of a DNS hostname is "expensive": it forces Tomcat to do a reverse DNS lookup. That

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Zak Mc Kracken
Gregor Schneider wrote: What in the documentation (http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html) is the part you don't understand? Thanks for replying. Maybe it's me, but what I gather from the documentation is that it's not possible to combine the two filters as I want, i.e.: tell

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Zak Mc Kracken
Gregor Schneider wrote: What in the documentation (http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html) is the part you don't understand? Thanks for replying. Maybe it's me, but what I gather from the documentation is that it's not possible to combine the two filters as I want, i.e.: tel

Re: RemoteAddrValve and RemoteHostValve

2009-02-28 Thread Gregor Schneider
What in the documentation (http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html) is the part you don't understand? Rgds Gregor -- just because you're paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.d

Re: RemoteAddrValve and RemoteHostValve

2009-02-27 Thread Robert Koberg
On Feb 27, 2009, at 9:28 PM, Zak Mc Kracken wrote: Hi all, I'd like to filter incoming requests with this criterion: if it's www.somewhere.com -> OK else if it's 1.2.3.4 -> OK else -> KO Is it possible to do that by combining RemoteHostValve and RemoteAddrValve? How? I simply tried to write

RemoteAddrValve and RemoteHostValve

2009-02-27 Thread Zak Mc Kracken
Hi all, I'd like to filter incoming requests with this criterion: if it's www.somewhere.com -> OK else if it's 1.2.3.4 -> OK else -> KO Is it possible to do that by combining RemoteHostValve and RemoteAddrValve? How? I simply tried to write them one after another, but all is blocked, it seems t