James,
On 12/10/21 11:52, James H. H. Lampert wrote:
> On 12/10/21 8:38 AM, Mark Thomas wrote:
> . . .
>> The messages are there to warn you that you might have a malicious
>> actor trying a brute force attack on your server.
>
> Can anybody point me to a good tutorial for constructing a regular
> expression for RemoteAddrValve?
>
> allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"
>
> obviously can't work for a server that's incapable of running a browser

Anything can be a "browser" such as curl (a real HTTP client), telnet,
nc, or openssl s_client. No GUI is required; only an available network
connection.

> and at any rate, I can't make head or tail of the regular expression
> syntax in use here.
The regular expression is pretty simple: Tomcat checks that the client's
IP address "matches" the regular expression.
In the expression above, the | characters separate alternatives: any of
them could match, separately. The \ characters are escapes, turning a
"." (which usually means "any character") into a literal dot. So this
doesn't match if the client's IP address is (improbably) "127a1b1c1d1"
but only matches legitimate (for now[1]) "local" 127.x.y.z IPv4 addresses.
The addresses ::1 and 0:0:0:0:0:0:0:1 are aliases of each other and mean
"localhost". So the pattern above says "anyone local matches this."
Note that it's vitally important that if you have any reverse-proxies in
front of Tomcat that the client's *real* IP address is being forwarded
to Tomcat in a secure way. Otherwise, if you maybe had e.g. httpd
running on the same host as Tomcat, all requests might look like they
were coming "from" localhost instead of random.your.isp.net.
Hope that helps,
-chris
[1] https://www.ietf.org/id/draft-schoen-intarea-unicast-127-00.html
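The two points above (whole-address matching with escaped dots, and not trusting a forwarded address unless it came through a trusted proxy) worked through in an added Python example; this is not code from the thread or from Tomcat. It assumes the valve matches the complete address against the allow pattern (the equivalent of Java's Matcher.matches()) and that only an allow pattern is configured; effective_client_ip is a hypothetical helper loosely modelled on how RemoteIpValve treats internal proxies, not Tomcat's implementation.

```python
import re
from typing import Optional

# Chris's allow pattern from the message, verbatim.
ALLOW = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"
# The same pattern with the dots left unescaped, to show why the \ matters:
# an unescaped "." accepts any character, not just a literal dot.
ALLOW_UNESCAPED = r"127.\d+.\d+.\d+|::1|0:0:0:0:0:0:0:1"


def is_allowed(client_ip: str, allow: str = ALLOW) -> bool:
    """Mirror the valve's decision for an allow-only configuration: the
    *whole* address must match one alternative of the pattern (fullmatch,
    the Python equivalent of Java's Matcher.matches()). A partial hit such
    as "127.0.0.1" buried inside a longer string does not count."""
    return re.fullmatch(allow, client_ip) is not None


def effective_client_ip(remote_addr: str, x_forwarded_for: Optional[str],
                        trusted_proxies: set) -> str:
    """Hypothetical helper: decide which address the valve should evaluate
    when a reverse proxy may sit in front of Tomcat.

    The X-Forwarded-For header is only consulted when the TCP peer is one of
    our own trusted proxies; the chain is then walked right to left, skipping
    further trusted proxies, and the first untrusted hop is the client.  If
    the peer is not a trusted proxy, the header is attacker-controlled and is
    ignored entirely, so a forged "X-Forwarded-For: 127.0.0.1" cannot make
    a remote client look local."""
    if remote_addr not in trusted_proxies or not x_forwarded_for:
        return remote_addr
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        if hop not in trusted_proxies:
            return hop
    return remote_addr  # every hop was one of our proxies; fall back to peer


if __name__ == "__main__":
    # Constructed sample addresses (203.0.113.0/24 is documentation space).
    for ip in ("127.0.0.1", "::1", "192.168.1.5", "127a1b1c1"):
        print(f"{ip:16} escaped={is_allowed(ip)!s:5} "
              f"unescaped={is_allowed(ip, ALLOW_UNESCAPED)}")
    # Proxy on the same host as Tomcat with no forwarding configured: every
    # request arrives "from" 127.0.0.1 and the valve allows all of them.
    print(is_allowed(effective_client_ip("127.0.0.1", None, set())))
```

The last line prints True, which is exactly the failure mode described above: an unconfigured local proxy makes every client look like localhost.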