Hello, After searching in all the usual places for a problem I'm having with Tomcat/APR and reverse lookups, I haven't found anything similar, so maybe someone on the list can help...
My setup is a RedHat 5 server (32 bit) running Tomcat 6.0.20 with Tomcat Native 1.1.16 libraries and Sun JDK 1.6.0_14. I've built and installed Tomcat Native as described in http://tomcat.apache.org/native-doc/ The server.xml file has been modified to add enableLookups="true" to the HTTP Connector entry: <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" enableLookups="true" redirectPort="8443" /> Now, when the client exists in the DNS, reverse lookups via HttpServletRequest.getRemoteHost() work fine whether or not I'm using APR. The problem is, when attempting a reverse lookup for a client that is not found in the naming service, the behaviour of getRemoteHost() depends on whether or not APR is being used. Specifically, without APR, the method returns the dotted-string form of the IP address (consistent with the doc http://java.sun.com/webservices/docs/1.6/api/javax/servlet/ServletRequest.html#getRemoteHost() ). However, when APR is enabled, the method returns NULL. I can reproduce the problem using a simple test servlet: # cat GetAddress.java import java.io.*; import java.util.*; import javax.servlet.*; import javax.servlet.http.*; public class GetAddress extends HttpServlet { public void doGet(HttpServletRequest request,HttpServletResponse response) throws IOException, ServletException{ response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<b><font color='red'>Hostname of request : </font></b>" +request.getRemoteHost()+"<p>"); out.println("<b><font color='blue'>IP Address of request : </font></b>" +request.getRemoteAddr()); } } If LD_LIBRARY_PATH is set to $CATALINA_HOME/lib, catalina.out confirms APR is enabled: 05-Jun-2009 11:09:01 org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.16. 05-Jun-2009 11:09:01 org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 05-Jun-2009 11:09:02 org.apache.coyote.http11.Http11AprProtocol init From my client unknown to the DNS, the web page shows "Hostname of request: null ... IP Address of request: <client IP address>" Now, after unsetting LD_LIBRARY_PATH and restarting Tomcat (catalina.out confirms APR is not used), a request from the same client correctly shows "Hostname of request: <client IP address>... IP Address of request: <client IP address>" This behaviour with APR is causing problems for a third-party application that relies on identifying the client IP/host for authentication - as the code does not expect NULL from getRemoteHost() it denies access to the client (coming from another company via LAN-to-LAN VPN). Any ideas on how to debug this further? I had a quick look in the APR source but couldn't find any reference to getRemoteHost or enableLookups so I'm not sure where this side effect is coming from. I'd be happy to collect more info and file a bug report if necessary. Thanks in advance - Paul Seed.
