Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 88511 invoked from network); 25 Dec 2010 20:02:45 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 25 Dec 2010 20:02:45 -0000 Received: (qmail 11050 invoked by uid 500); 25 Dec 2010 20:02:42 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 10990 invoked by uid 500); 25 Dec 2010 20:02:42 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 10981 invoked by uid 99); 25 Dec 2010 20:02:42 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Dec 2010 20:02:42 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [140.211.11.9] (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with SMTP; Sat, 25 Dec 2010 20:02:39 +0000 Received: (qmail 88498 invoked by uid 99); 25 Dec 2010 20:02:18 -0000 Received: from localhost.apache.org (HELO [192.168.23.9]) (127.0.0.1) (smtp-auth username markt, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Sat, 25 Dec 2010 20:02:18 +0000 Message-ID: <4D164DC7.20204@apache.org> Date: Sat, 25 Dec 2010 20:02:15 +0000 From: Mark Thomas User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: Tomcat Developers List Subject: Re: Tomcat 7 & regex References: <4D14E7C0.9060705@apache.org> <4D154D94.5050507@apache.org> In-Reply-To: X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On 25/12/2010 13:37, Konstantin Kolinko wrote: > 1) It it were configurable, in certain places it makes sense to use > space as a separator (e.g. in IP addresses). > -> any whitespace? -> \w+ and we end up with using a regex to split a > list of regexes. Yes, space could work but I'd rather stick to what folks expect of standard regex. | achieves the same result but is standard regex. > 2) It might make sense to require regex expressions to be surrounded by '/'. > E.g. "/192\.168\.1\.\d{1,3}/" is a regex, but "192.168.1.17" is a literal value. I'd rather Tomcat 7 moved towards an existing standard rather than tried to create a new one. > 3) I wonder if it makes sense to manipulate RequestFilterValve though > JMX. E.g. to add/remove some filtering patterns at runtime. It is certainly something I can see would be useful - e.g. reacting to an attacker. Making that dynamic should be do-able with care. > Mark, are there other places than RequestFilterValve and its > subclasses (RemoteAddrValve, RemoteHostValve) where you are planning > this change? It was actually RemoteIpValve that got me started on this. You can't explicitly set the default since it uses ',' in the regex but we also split using ','. I wanted to fix that and moving to a single regex fixes that and removes any chance of any similar gotchas in the future. > There this feature can be configurable. E.g. if split='' then > splitting is not performed at all. I do not see why we should force > users to use a single regex only. All it really does is force users to use the standard regex of '|' where they currently use ','. > Having a single regex by default is OK with me, but forcing a single > regex saves too little in performance of > RequestFilterValve.process(..) (removes iterating over an array but > adds a null check). I don't have any hard numbers but I suspect matching a single regex using '|' is going to be faster than matching multiple. Probably not by much. The code simplification is pretty minor too. > [OT] Merry X'mas +1 to all. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org