Re: org.apache.catalina.valves.RemoteHostValve does this work ???

Wed, 30 May 2012 14:12:07 -0700 

Leo Donahue - PLANDEVX wrote:

-----Original Message-----
From: N.s.Karthik [mailto:nskarthi...@gmail.com]
Subject: org.apache.catalina.valves.RemoteHostValve does this work ???

Hi

Spec
JDK1.6
TC : tomcat 6.26
O/s win 7 /Linux (redhat)

I have configured the valve as follows  in  TC /conf/Context.xml

*<Valve className="org.apache.catalina.valves.RemoteHostValve"
             allow="ai-itl-107"
              deny="192.168.8.210" />*

On restart of the TC ... I am denied access at URL

*http://ai-itl-107:8080/*

as   HTTP 403 Error ???

Disabling this valve  the URL works and application is available
normally.

I am confused


with regards
karthik


The docs indicate that you need to use a regular expression pattern for the 
allow and deny attributes.

http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Host_Filter

allow="ai\-itl\-107"
deny="192\.168\.8\.210"

Does that work?

Leo
In addition, either I am missing something, or there are a couple of strange things in the original post.
The allow/deny of the RemoteHostValve are supposed to mean /from which client/ one can or cannot access this Tomcat Host, on the base of the client's *hostname*. (read http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Host_Filter, as compared to http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter) 

So
1) what does this *request* URL "http://ai-itl-107:8080"; have to do with it all ? is "ai-itl-107" the hostname of the client, or of the server ? 2) what about the IP address in the "deny" part ? should one not be using a hostname here (or use a Remote Address Filter instead) ?
In addition, if one really wants to use the *hostname* of the client to allow or deny access, then one should also make sure that the server, when it resolves the client's IP address to a name, is really getting what is shown up there. Otherwise it will not allow it, which seems to be happening here (but again, maybe I'm confused). 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to