tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rj...@apache.org
Subject svn commit: r1417624 [12/38] - in /tomcat/site/trunk/docs/tomcat-8.0-doc: ./ api/ appdev/ appdev/sample/ appdev/sample/docs/ appdev/sample/src/ appdev/sample/src/mypackage/ appdev/sample/web/ appdev/sample/web/WEB-INF/ appdev/sample/web/images/ archite...
Date Wed, 05 Dec 2012 20:21:01 GMT
Added: tomcat/site/trunk/docs/tomcat-8.0-doc/config/filter.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/tomcat-8.0-doc/config/filter.html?rev=1417624&view=auto
==============================================================================
--- tomcat/site/trunk/docs/tomcat-8.0-doc/config/filter.html (added)
+++ tomcat/site/trunk/docs/tomcat-8.0-doc/config/filter.html Wed Dec  5 20:20:35 2012
@@ -0,0 +1,1226 @@
+<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 8 Configuration Reference (8.0.0-dev) - Container Provided Filters</title><style type="text/css" media="print">
+            .noPrint {display: none;}
+            td#mainBody {width: 100%;}
+        </style><style type="text/css">
+            code {background-color:rgb(224,255,255);padding:0 0.1em;}
+            code.attributeName, code.propertyName {background-color:transparent;}
+        </style><style type="text/css">
+            .wrapped-source code { display: block; background-color: transparent; }
+            .wrapped-source div { margin: 0 0 0 1.25em; }
+            .wrapped-source p { margin: 0 0 0 1.25em; text-indent: -1.25em; }
+        </style><style type="text/css">
+            p.notice {
+                border: 1px solid rgb(255, 0, 0);
+                background-color: rgb(238, 238, 238);
+                color: rgb(0, 51, 102);
+                padding: 0.5em;
+                margin: 1em 2em 1em 1em;
+            }
+        </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="../images/tomcat.gif" align="right" alt="
+    The Apache Tomcat Servlet/JSP Container
+  " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 8</font></h1><font face="arial,helvetica,sanserif">Version 8.0.0-dev, Dec 5 2012</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="../images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap class="noPrint"><p><strong>Links</strong></p><ul><li><a href="../index.html">Docs Home</a></li><li><a href="index.html">Config Ref. Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li><li><a href="#comments_section">User Comments</a></li></ul><p><strong>Top Level Elements</strong></p><ul><li><a href="server.html">Server</a></li><li><a href="service.html">Service</a></li></ul><p><strong>Executors</strong></p><ul><li><a href="executor.html">Executo
 r</a></li></ul><p><strong>Connectors</strong></p><ul><li><a href="http.html">HTTP</a></li><li><a href="ajp.html">AJP</a></li></ul><p><strong>Containers</strong></p><ul><li><a href="context.html">Context</a></li><li><a href="engine.html">Engine</a></li><li><a href="host.html">Host</a></li><li><a href="cluster.html">Cluster</a></li></ul><p><strong>Nested Components</strong></p><ul><li><a href="globalresources.html">Global Resources</a></li><li><a href="jar-scanner.html">JarScanner</a></li><li><a href="listeners.html">Listeners</a></li><li><a href="loader.html">Loader</a></li><li><a href="manager.html">Manager</a></li><li><a href="realm.html">Realm</a></li><li><a href="resources.html">Resources</a></li><li><a href="valve.html">Valve</a></li></ul><p><strong>Cluster Elements</strong></p><ul><li><a href="cluster.html">Cluster</a></li><li><a href="cluster-manager.html">Manager</a></li><li><a href="cluster-channel.html">Channel</a></li><li><a href="cluster-membership.html">Channel/M
 embership</a></li><li><a href="cluster-sender.html">Channel/Sender</a></li><li><a href="cluster-receiver.html">Channel/Receiver</a></li><li><a href="cluster-interceptor.html">Channel/Interceptor</a></li><li><a href="cluster-valve.html">Valve</a></li><li><a href="cluster-deployer.html">Deployer</a></li><li><a href="cluster-listener.html">ClusterListener</a></li></ul><p><strong>Other</strong></p><ul><li><a href="filter.html">Filter</a></li><li><a href="systemprops.html">System properties</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>Container Provided Filters</h1><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
+<ul><li><a href="#Introduction">Introduction</a></li><li><a href="#Add_Default_Character_Set_Filter">Add Default Character Set Filter</a><ol><li><a href="#Add_Default_Character_Set_Filter/Introduction">Introduction</a></li><li><a href="#Add_Default_Character_Set_Filter/Filter_Class_Name">Filter Class Name</a></li><li><a href="#Add_Default_Character_Set_Filter/Initialisation_parameters">Initialisation parameters</a></li></ol></li><li><a href="#CSRF_Prevention_Filter">CSRF Prevention Filter</a><ol><li><a href="#CSRF_Prevention_Filter/Introduction">Introduction</a></li><li><a href="#CSRF_Prevention_Filter/Filter_Class_Name">Filter Class Name</a></li><li><a href="#CSRF_Prevention_Filter/Initialisation_parameters">Initialisation parameters</a></li></ol></li><li><a href="#Expires_Filter">Expires Filter</a><ol><li><a href="#Expires_Filter/Introduction">Introduction</a></li><li><a href="#Basic_configuration_sample">Basic configuration sample</a></li><li><a href="#Alternate_Syntax">A
 lternate Syntax</a></li><li><a href="#Expiration_headers_generation_eligibility">Expiration headers generation eligibility</a></li><li><a href="#Expiration_configuration_selection">Expiration configuration selection</a></li><li><a href="#Expires_Filter/Filter_Class_Name">Filter Class Name</a></li><li><a href="#Expires_Filter/Initialisation_parameters">Initialisation parameters</a></li><li><a href="#Troubleshooting">Troubleshooting</a></li></ol></li><li><a href="#Remote_Address_Filter">Remote Address Filter</a><ol><li><a href="#Remote_Address_Filter/Introduction">Introduction</a></li><li><a href="#Remote_Address_Filter/Filter_Class_Name">Filter Class Name</a></li><li><a href="#Remote_Address_Filter/Initialisation_parameters">Initialisation parameters</a></li><li><a href="#Example">Example</a></li></ol></li><li><a href="#Remote_Host_Filter">Remote Host Filter</a><ol><li><a href="#Remote_Host_Filter/Introduction">Introduction</a></li><li><a href="#Remote_Host_Filter/Filter_Clas
 s_Name">Filter Class Name</a></li><li><a href="#Remote_Host_Filter/Initialisation_parameters">Initialisation parameters</a></li></ol></li><li><a href="#Remote_IP_Filter">Remote IP Filter</a><ol><li><a href="#Remote_IP_Filter/Introduction">Introduction</a></li><li><a href="#Remote_IP_Filter/Filter_Class_Name">Filter Class Name</a></li><li><a href="#Basic_configuration_to_handle_'x-forwarded-for'">Basic configuration to handle 'x-forwarded-for'</a></li><li><a href="#Basic_configuration_to_handle_'x-forwarded-for'_and_'x-forwarded-proto'">Basic configuration to handle 'x-forwarded-for' and 'x-forwarded-proto'</a></li><li><a href="#Advanced_configuration_with_internal_proxies">Advanced configuration with internal proxies</a></li><li><a href="#Advanced_configuration_with_trusted_proxies">Advanced configuration with trusted proxies</a></li><li><a href="#Advanced_configuration_with_internal_and_trusted_proxies">Advanced configuration with internal and trusted proxies</a></li><li><a
  href="#Advanced_configuration_with_an_untrusted_proxy">Advanced configuration with an untrusted proxy</a></li><li><a href="#Remote_IP_Filter/Initialisation_parameters">Initialisation parameters</a></li></ol></li><li><a href="#Request_Dumper_Filter">Request Dumper Filter</a><ol><li><a href="#Request_Dumper_Filter/Introduction">Introduction</a></li><li><a href="#Request_Dumper_Filter/Filter_Class_Name">Filter Class Name</a></li><li><a href="#Request_Dumper_Filter/Initialisation_parameters">Initialisation parameters</a></li><li><a href="#Sample_Configuration">Sample Configuration</a></li></ol></li><li><a href="#Set_Character_Encoding_Filter">Set Character Encoding Filter</a><ol><li><a href="#Set_Character_Encoding_Filter/Introduction">Introduction</a></li><li><a href="#Set_Character_Encoding_Filter/Filter_Class_Name">Filter Class Name</a></li><li><a href="#Set_Character_Encoding_Filter/Initialisation_parameters">Initialisation parameters</a></li></ol></li><li><a href="#WebDAV_
 Fix_Filter">WebDAV Fix Filter</a><ol><li><a href="#WebDAV_Fix_Filter/Introduction">Introduction</a></li><li><a href="#WebDAV_Fix_Filter/Filter_Class_Name">Filter Class Name</a></li><li><a href="#WebDAV_Fix_Filter/Initialisation_parameters">Initialisation parameters</a></li></ol></li><li><a href="#Failed_Request_Filter">Failed Request Filter</a><ol><li><a href="#Failed_Request_Filter/Introduction">Introduction</a></li><li><a href="#Failed_Request_Filter/Filter_Class_Name">Filter Class Name</a></li><li><a href="#Failed_Request_Filter/Initialisation_parameters">Initialisation parameters</a></li></ol></li></ul>
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+  <p>Tomcat provides a number of <strong>Filters</strong> which may be
+  configured for use with all web applications using
+  <code>$CATALINA_BASE/conf/web.xml</code> or may be configured for individual
+  web applications by configuring them in the application's
+  <code>WEB-INF/web.xml</code>. Each filter is described below.</p>
+
+    <blockquote><em>
+    <p>This description uses the variable name $CATALINA_BASE to refer the
+    base directory against which most relative paths are resolved. If you have
+    not configured Tomcat for multiple instances by setting a CATALINA_BASE
+    directory, then $CATALINA_BASE will be set to the value of $CATALINA_HOME,
+    the directory into which you have installed Tomcat.</p>
+    </em></blockquote>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Add Default Character Set Filter"><!--()--></a><a name="Add_Default_Character_Set_Filter"><strong>Add Default Character Set Filter</strong></a></font></td></tr><tr><td><blockquote>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Add Default Character Set Filter/Introduction"><!--()--></a><a name="Add_Default_Character_Set_Filter/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The HTTP specification is clear that if no character set is specified for
+    media sub-types of the "text" media type, the ISO-8859-1 character set must
+    be used. However, browsers may attempt to auto-detect the character set.
+    This may be exploited by an attacker to perform an XSS attack. Internet
+    Explorer has this behaviour by default. Other browsers have an option to
+    enable it.</p>
+
+    <p>This filter prevents the attack by explicitly setting a character set.
+    Unless the provided character set is explicitly overridden by the user the
+    browser will adhere to the explicitly set character set, thus preventing the
+    XSS attack.</p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Add Default Character Set Filter/Filter Class Name"><!--()--></a><a name="Add_Default_Character_Set_Filter/Filter_Class_Name"><strong>Filter Class Name</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The filter class name for the Add Default Character Set Filter is
+    <strong><code>org.apache.catalina.filters.AddDefaultCharsetFilter</code>
+    </strong>.</p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Add Default Character Set Filter/Initialisation parameters"><!--()--></a><a name="Add_Default_Character_Set_Filter/Initialisation_parameters"><strong>Initialisation parameters</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The Add Default Character Set Filter supports the following initialization
+    parameters:</p>
+
+    <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">encoding</code></td><td align="left" valign="center">
+        <p>Name of the character set which should be set, if no other character set
+        was set explicitly by a Servlet. This parameter has two special values
+        <code>default</code> and <code>system</code>. A value of <code>system</code>
+        uses the JVM wide default character set, which is usually set by locale.
+        A value of <code>default</code> will use <strong>ISO-8859-1</strong>.</p>
+      </td></tr></table>
+
+  </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="CSRF Prevention Filter"><!--()--></a><a name="CSRF_Prevention_Filter"><strong>CSRF Prevention Filter</strong></a></font></td></tr><tr><td><blockquote>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="CSRF Prevention Filter/Introduction"><!--()--></a><a name="CSRF_Prevention_Filter/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>This filter provides basic CSRF protection for a web application. The
+    filter assumes that it is mapped to <code>/*</code> and that all URLs
+    returned to the client are encoded via a call to
+    <code>HttpServletResponse#encodeRedirectURL(String)</code> or
+    <code>HttpServletResponse#encodeURL(String)</code>.</p>
+
+    <p>This filter prevents CSRF by generating a nonce and storing it in the
+    session. URLs are also encoded with the same nonce. When the next request is
+    received the nonce in the request is compared to the nonce in the session
+    and only if they are the same is the request allowed to continue.</p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="CSRF Prevention Filter/Filter Class Name"><!--()--></a><a name="CSRF_Prevention_Filter/Filter_Class_Name"><strong>Filter Class Name</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The filter class name for the CSRF Prevention Filter is
+    <strong><code>org.apache.catalina.filters.CsrfPreventionFilter</code>
+    </strong>.</p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="CSRF Prevention Filter/Initialisation parameters"><!--()--></a><a name="CSRF_Prevention_Filter/Initialisation_parameters"><strong>Initialisation parameters</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The CSRF Prevention Filter supports the following initialisation
+    parameters:</p>
+
+    <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">denyStatus</code></td><td align="left" valign="center">
+        <p>HTTP response status code that is used when rejecting denied
+        request. The default value is <code>403</code>.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">entryPoints</code></td><td align="left" valign="center">
+        <p>A comma separated list of URLs that will not be tested for the
+        presence of a valid nonce. They are used to provide a way to navigate
+        back to a protected application after having navigated away from it.
+        Entry points will be limited to HTTP GET requests and should not trigger
+        any security sensitive actions.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">nonceCacheSize</code></td><td align="left" valign="center">
+        <p>The number of previously issued nonces that will be cached on a LRU
+        basis to support parallel requests, limited use of the refresh and back
+        in the browser and similar behaviors that may result in the submission
+        of a previous nonce rather than the current one. If not set, the default
+        value of 5 will be used.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">randomClass</code></td><td align="left" valign="center">
+        <p>The name of the class to use to generate nonces. The class must be an
+        instance of <code>java.util.Random</code>. If not set, the default value
+        of <code>java.security.SecureRandom</code> will be used.</p>
+      </td></tr></table>
+
+  </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Expires Filter"><!--()--></a><a name="Expires_Filter"><strong>Expires Filter</strong></a></font></td></tr><tr><td><blockquote>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Expires Filter/Introduction"><!--()--></a><a name="Expires_Filter/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>
+    ExpiresFilter is a Java Servlet API port of <a href="http://httpd.apache.org/docs/2.2/mod/mod_expires.html">Apache
+    mod_expires</a>.
+    This filter controls the setting of the <code>Expires</code> HTTP header and the
+    <code>max-age</code> directive of the <code>Cache-Control</code> HTTP header in
+    server responses. The expiration date can set to be relative to either the
+    time the source file was last modified, or to the time of the client access.
+    </p>
+
+    <p>
+    These HTTP headers are an instruction to the client about the document's
+    validity and persistence. If cached, the document may be fetched from the
+    cache rather than from the source until this time has passed. After that, the
+    cache copy is considered "expired" and invalid, and a new copy must
+    be obtained from the source.
+    </p>
+    <p>
+    To modify <code>Cache-Control</code> directives other than <code>max-age</code> (see
+    <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9">RFC
+    2616 section 14.9</a>), you can use other servlet filters or <a href="http://httpd.apache.org/docs/2.2/mod/mod_headers.html">Apache Httpd
+    mod_headers</a> module.
+    </p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Basic configuration sample"><!--()--></a><a name="Basic_configuration_sample"><strong>Basic configuration sample</strong></a></font></td></tr><tr><td><blockquote>
+    <p>
+    Basic configuration to add '<code>Expires</code>' and '<code>Cache-Control: max-age=</code>'
+    headers to images, css and javascript.
+    </p>
+
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+&lt;filter&gt;
+ &lt;filter-name&gt;ExpiresFilter&lt;/filter-name&gt;
+ &lt;filter-class&gt;org.apache.catalina.filters.ExpiresFilter&lt;/filter-class&gt;
+ &lt;init-param&gt;
+    &lt;param-name&gt;ExpiresByType image&lt;/param-name&gt;
+    &lt;param-value&gt;access plus 10 minutes&lt;/param-value&gt;
+ &lt;/init-param&gt;
+ &lt;init-param&gt;
+    &lt;param-name&gt;ExpiresByType text/css&lt;/param-name&gt;
+    &lt;param-value&gt;access plus 10 minutes&lt;/param-value&gt;
+ &lt;/init-param&gt;
+ &lt;init-param&gt;
+    &lt;param-name&gt;ExpiresByType application/javascript&lt;/param-name&gt;
+    &lt;param-value&gt;access plus 10 minutes&lt;/param-value&gt;
+ &lt;/init-param&gt;
+&lt;/filter&gt;
+...
+&lt;filter-mapping&gt;
+ &lt;filter-name&gt;ExpiresFilter&lt;/filter-name&gt;
+ &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+ &lt;dispatcher&gt;REQUEST&lt;/dispatcher&gt;
+&lt;/filter-mapping&gt;
+
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Alternate Syntax"><!--()--></a><a name="Alternate_Syntax"><strong>Alternate Syntax</strong></a></font></td></tr><tr><td><blockquote>
+    <p>
+    The <code>ExpiresDefault</code> and <code>ExpiresByType</code> directives can also be
+    defined in a more readable syntax of the form:
+    </p>
+
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+&lt;init-param&gt;
+ &lt;param-name&gt;ExpiresDefault&lt;/param-name&gt;
+ &lt;param-value&gt;&lt;base&gt; [plus] {&lt;num&gt;   &lt;type&gt;}*&lt;/param-value&gt;
+&lt;/init-param&gt;
+
+&lt;init-param&gt;
+ &lt;param-name&gt;ExpiresByType type&lt;/param-name&gt;
+ &lt;param-value&gt;&lt;base&gt; [plus]   {&lt;num&gt; &lt;type&gt;}*&lt;/param-value&gt;
+&lt;/init-param&gt;
+
+&lt;init-param&gt;
+ &lt;param-name&gt;ExpiresByType type;encoding&lt;/param-name&gt;
+ &lt;param-value&gt;&lt;base&gt; [plus]   {&lt;num&gt; &lt;type&gt;}*&lt;/param-value&gt;
+&lt;/init-param&gt;
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+    <p>
+    where <code>&lt;base&gt;</code> is one of:
+    <ul>
+    <li><code>access</code></li>
+    <li><code>now</code> (equivalent to '<code>access</code>')</li>
+    <li><code>modification</code></li>
+    </ul>
+    </p>
+    <p>
+    The <code>plus</code> keyword is optional. <code>&lt;num&gt;</code> should be an
+    integer value (acceptable to <code>Integer.parseInt()</code>), and
+    <code>&lt;type&gt;</code> is one of:
+    <ul>
+    <li><code>years</code></li>
+    <li><code>months</code></li>
+    <li><code>weeks</code></li>
+    <li><code>days</code></li>
+    <li><code>hours</code></li>
+    <li><code>minutes</code></li>
+    <li><code>seconds</code></li>
+    </ul>
+    For example, any of the following directives can be used to make documents
+    expire 1 month after being accessed, by default:
+    </p>
+
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+&lt;init-param&gt;
+ &lt;param-name&gt;ExpiresDefault&lt;/param-name&gt;
+ &lt;param-value&gt;access plus 1 month&lt;/param-value&gt;
+&lt;/init-param&gt;
+
+&lt;init-param&gt;
+ &lt;param-name&gt;ExpiresDefault&lt;/param-name&gt;
+ &lt;param-value&gt;access plus 4 weeks&lt;/param-value&gt;
+&lt;/init-param&gt;
+
+&lt;init-param&gt;
+ &lt;param-name&gt;ExpiresDefault&lt;/param-name&gt;
+ &lt;param-value&gt;access plus 30 days&lt;/param-value&gt;
+&lt;/init-param&gt;
+</pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+<p>
+The expiry time can be fine-tuned by adding several '
+<code>&lt;num&gt; &lt;type&gt;</code>' clauses:
+</p>
+
+<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+&lt;init-param&gt;
+ &lt;param-name&gt;ExpiresByType text/html&lt;/param-name&gt;
+ &lt;param-value&gt;access plus 1 month 15   days 2 hours&lt;/param-value&gt;
+&lt;/init-param&gt;
+
+&lt;init-param&gt;
+ &lt;param-name&gt;ExpiresByType image/gif&lt;/param-name&gt;
+ &lt;param-value&gt;modification plus 5 hours 3   minutes&lt;/param-value&gt;
+&lt;/init-param&gt;
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+    <p>
+    Note that if you use a modification date based setting, the <code>Expires</code>
+    header will <strong>not</strong> be added to content that does not come from
+    a file on disk. This is due to the fact that there is no modification time
+    for such content.
+    </p>
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Expiration headers generation eligibility"><!--()--></a><a name="Expiration_headers_generation_eligibility"><strong>Expiration headers generation eligibility</strong></a></font></td></tr><tr><td><blockquote>
+    <p>
+    A response is eligible to be enriched by <code>ExpiresFilter</code> if :
+    <ol>
+    <li>no expiration header is defined (<code>Expires</code> header or the
+    <code>max-age</code> directive of the <code>Cache-Control</code> header),</li>
+    <li>the response status code is not excluded by the directive
+    <code>ExpiresExcludedResponseStatusCodes</code>,</li>
+    <li>the <code>Content-Type</code> of the response matches one of the types
+    defined the in <code>ExpiresByType</code> directives or the
+    <code>ExpiresDefault</code> directive is defined.</li>
+    </ol>
+    </p>
+    <p>
+    Note : If <code>Cache-Control</code> header contains other directives than
+    <code>max-age</code>, they are concatenated with the <code>max-age</code> directive
+    that is added by the <code>ExpiresFilter</code>.
+    </p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Expiration configuration selection"><!--()--></a><a name="Expiration_configuration_selection"><strong>Expiration configuration selection</strong></a></font></td></tr><tr><td><blockquote>
+    <p>
+    The expiration configuration if elected according to the following algorithm:
+    <ol>
+    <li><code>ExpiresByType</code> matching the exact content-type returned by
+    <code>HttpServletResponse.getContentType()</code> possibly including the charset
+    (e.g. '<code>text/xml;charset=UTF-8</code>'),</li>
+    <li><code>ExpiresByType</code> matching the content-type without the charset if
+    <code>HttpServletResponse.getContentType()</code> contains a charset (e.g. '
+    <code>text/xml;charset=UTF-8</code>' -&gt; '<code>text/xml</code>'),</li>
+    <li><code>ExpiresByType</code> matching the major type (e.g. substring before
+    '<code>/</code>') of <code>HttpServletResponse.getContentType()</code>
+    (e.g. '<code>text/xml;charset=UTF-8</code>' -&gt; '<code>text</code>
+    '),</li>
+    <li><code>ExpiresDefault</code></li>
+    </ol>
+    </p>
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Expires Filter/Filter Class Name"><!--()--></a><a name="Expires_Filter/Filter_Class_Name"><strong>Filter Class Name</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The filter class name for the Expires Filter is
+    <strong><code>org.apache.catalina.filters.ExpiresFilter</code>
+    </strong>.</p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Expires Filter/Initialisation parameters"><!--()--></a><a name="Expires_Filter/Initialisation_parameters"><strong>Initialisation parameters</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The <strong>Expires Filter</strong> supports the following
+    initialisation parameters:</p>
+
+    <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">ExpiresExcludedResponseStatusCodes</code></td><td align="left" valign="center">
+         <p>
+         This directive defines the http response status codes for which the
+         <code>ExpiresFilter</code> will not generate expiration headers. By default, the
+         <code>304</code> status code ("<code>Not modified</code>") is skipped. The
+         value is a comma separated list of http status codes.
+         </p>
+         <p>
+         This directive is useful to ease usage of <code>ExpiresDefault</code> directive.
+         Indeed, the behavior of <code>304 Not modified</code> (which does specify a
+         <code>Content-Type</code> header) combined with <code>Expires</code> and
+         <code>Cache-Control:max-age=</code> headers can be unnecessarily tricky to
+         understand.
+         </p>
+         <p><i>See sample below the table</i></p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">ExpiresByType &lt;content-type&gt;</code></td><td align="left" valign="center">
+         <p>
+         This directive defines the value of the <code>Expires</code> header and the
+         <code>max-age</code> directive of the <code>Cache-Control</code> header generated for
+         documents of the specified type (<i>e.g.</i>, <code>text/html</code>). The second
+         argument sets the number of seconds that will be added to a base time to
+         construct the expiration date. The <code>Cache-Control: max-age</code> is
+         calculated by subtracting the request time from the expiration date and
+         expressing the result in seconds.
+         </p>
+         <p>
+         The base time is either the last modification time of the file, or the time
+         of the client's access to the document. Which should be used is
+         specified by the <code>&lt;code&gt;</code> field; <code>M</code> means that the
+         file's last modification time should be used as the base time, and
+         <code>A</code> means the client's access time should be used. The duration
+         is expressed in seconds. <code>A2592000</code> stands for
+         <code>access plus 30 days</code> in alternate syntax.
+         </p>
+         <p>
+         The difference in effect is subtle. If <code>M</code> (<code>modification</code> in
+         alternate syntax) is used, all current copies of the document in all caches
+         will expire at the same time, which can be good for something like a weekly
+         notice that's always found at the same URL. If <code>A</code> (
+         <code>access</code> or <code>now</code> in alternate syntax) is used, the date of
+         expiration is different for each client; this can be good for image files
+         that don't change very often, particularly for a set of related
+         documents that all refer to the same images (<i>i.e.</i>, the images will be
+         accessed repeatedly within a relatively short timespan).
+         </p>
+         <p>
+         <strong>Note:</strong> When the content type includes a charset (e.g.
+         <code>'ExpiresByType text/xml;charset=utf-8'</code>), Tomcat removes blank chars
+         between the '<code>;</code>' and the '<code>charset</code>' keyword. Due to this,
+         configuration of an expiration with a charset must <strong>not</strong> include
+         such a space character.
+         </p>
+         <p><i>See sample below the table</i></p>
+         <p>
+         It overrides, for the specified MIME type <i>only</i>, any
+         expiration date set by the <code>ExpiresDefault</code> directive.
+         </p>
+         <p>
+         You can also specify the expiration time calculation using an alternate
+         syntax, described earlier in this document.
+         </p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">ExpiresDefault</code></td><td align="left" valign="center">
+         <p>
+         This directive sets the default algorithm for calculating the
+         expiration time for all documents in the affected realm. It can be
+         overridden on a type-by-type basis by the <code>ExpiresByType</code> directive. See the
+         description of that directive for details about the syntax of the
+         argument, and the "alternate syntax"
+         description as well.
+         </p>
+      </td></tr></table>
+
+    <p><i>Sample : exclude response status codes 302, 500 and 503</i></p>
+
+<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+&lt;init-param&gt;
+ &lt;param-name&gt;ExpiresExcludedResponseStatusCodes&lt;/param-name&gt;
+ &lt;param-value&gt;302, 500, 503&lt;/param-value&gt;
+&lt;/init-param&gt;
+</pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+
+    <p><i>Sample for ExpiresByType initialization parameter</i></p>
+
+         <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+&lt;init-param&gt;
+   &lt;param-name&gt;ExpiresByType text/html&lt;/param-name&gt;
+   &lt;param-value&gt;access plus 1 month 15   days 2 hours&lt;/param-value&gt;
+&lt;/init-param&gt;
+
+&lt;init-param&gt;
+   &lt;!-- 2592000 seconds = 30 days --&gt;
+   &lt;param-name&gt;ExpiresByType image/gif&lt;/param-name&gt;
+   &lt;param-value&gt;A2592000&lt;/param-value&gt;
+&lt;/init-param&gt;
+         </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Troubleshooting"><strong>Troubleshooting</strong></a></font></td></tr><tr><td><blockquote>
+    <p>
+    To troubleshoot, enable logging on the
+    <code>org.apache.catalina.filters.ExpiresFilter</code>.
+    </p>
+    <p>
+    Extract of logging.properties
+    </p>
+
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+org.apache.catalina.filters.ExpiresFilter.level = FINE
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+    <p>
+    Sample of initialization log message:
+    </p>
+
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+Mar 26, 2010 2:01:41 PM org.apache.catalina.filters.ExpiresFilter init
+FINE: Filter initialized with configuration ExpiresFilter[
+ excludedResponseStatusCode=[304],
+ default=null,
+ byType={
+    image=ExpiresConfiguration[startingPoint=ACCESS_TIME, duration=[10 MINUTE]],
+    text/css=ExpiresConfiguration[startingPoint=ACCESS_TIME, duration=[10 MINUTE]],
+    text/javascript=ExpiresConfiguration[startingPoint=ACCESS_TIME, duration=[10 MINUTE]]}]
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+    <p>
+    Sample of per-request log message where <code>ExpiresFilter</code> adds an
+    expiration date is below. The message is on one line and is wrapped here
+    for better readability.
+    </p>
+
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+Mar 26, 2010 2:09:47 PM org.apache.catalina.filters.ExpiresFilter onBeforeWriteResponseBody
+FINE: Request "/tomcat.gif" with response status "200"
+ content-type "image/gif", set expiration date 3/26/10 2:19 PM
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+    <p>
+    Sample of per-request log message where <code>ExpiresFilter</code> does not add
+    an expiration date:
+    </p>
+
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+Mar 26, 2010 2:10:27 PM org.apache.catalina.filters.ExpiresFilter onBeforeWriteResponseBody
+FINE: Request "/docs/config/manager.html" with response status "200"
+ content-type "text/html", no expiration configured
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+  </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Address Filter"><!--()--></a><a name="Remote_Address_Filter"><strong>Remote Address Filter</strong></a></font></td></tr><tr><td><blockquote>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Address Filter/Introduction"><!--()--></a><a name="Remote_Address_Filter/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The <strong>Remote Address Filter</strong> allows you to compare the
+    IP address of the client that submitted this request against one or more
+    <em>regular expressions</em>, and either allow the request to continue
+    or refuse to process the request from this client. </p>
+
+    <p>The syntax for <em>regular expressions</em> is different than that for
+    'standard' wildcard matching. Tomcat uses the <code>java.util.regex</code>
+    package. Please consult the Java documentation for details of the
+    expressions supported.</p>
+
+    <p><strong>Note:</strong> There is a caveat when using this filter with
+    IPv6 addresses. Format of the IP address that this valve is processing
+    depends on the API that was used to obtain it. If the address was obtained
+    from Java socket using Inet6Address class, its format will be
+    <code>x:x:x:x:x:x:x:x</code>. That is, the IP address for localhost
+    will be <code>0:0:0:0:0:0:0:1</code> instead of the more widely used
+    <code>::1</code>. Consult your access logs for the actual value.</p>
+
+    <p>See also: <a href="#Remote_Host_Filter">Remote Host Filter</a>.</p>
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Address Filter/Filter Class Name"><!--()--></a><a name="Remote_Address_Filter/Filter_Class_Name"><strong>Filter Class Name</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The filter class name for the Remote Address Filter is
+    <strong><code>org.apache.catalina.filters.RemoteAddrFilter</code>
+    </strong>.</p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Address Filter/Initialisation parameters"><!--()--></a><a name="Remote_Address_Filter/Initialisation_parameters"><strong>Initialisation parameters</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The <strong>Remote Address Filter</strong> supports the following
+    initialisation parameters:</p>
+
+    <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">allow</code></td><td align="left" valign="center">
+        <p>A regular expression (using <code>java.util.regex</code>) that the
+        remote client's IP address is compared to.  If this attribute
+        is specified, the remote address MUST match for this request to be
+        accepted.  If this attribute is not specified, all requests will be
+        accepted UNLESS the remote address matches a <code>deny</code>
+        pattern.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">deny</code></td><td align="left" valign="center">
+        <p>A regular expression (using <code>java.util.regex</code>) that the
+        remote client's IP address is compared to.  If this attribute
+        is specified, the remote address MUST NOT match for this request to be
+        accepted.  If this attribute is not specified, request acceptance is
+        governed solely by the <code>accept</code> attribute.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">denyStatus</code></td><td align="left" valign="center">
+        <p>HTTP response status code that is used when rejecting denied
+        request. The default value is <code>403</code>. For example,
+        it can be set to the value <code>404</code>.</p>
+      </td></tr></table>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Example"><strong>Example</strong></a></font></td></tr><tr><td><blockquote>
+    <p>To allow access only for the clients connecting from localhost:</p>
+<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+    &lt;filter&gt;
+      &lt;filter-name&gt;Remote Address Filter&lt;/filter-name&gt;
+      &lt;filter-class&gt;org.apache.catalina.filters.RemoteAddrFilter&lt;/filter-class&gt;
+      &lt;init-param&gt;
+        &lt;param-name&gt;allow&lt;/param-name&gt;
+        &lt;param-value&gt;127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1&lt;/param-value&gt;
+      &lt;/init-param&gt;
+    &lt;/filter&gt;
+    &lt;filter-mapping&gt;
+      &lt;filter-name&gt;Remote Address Filter&lt;/filter-name&gt;
+      &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+    &lt;/filter-mapping&gt;
+</pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+  </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Host Filter"><!--()--></a><a name="Remote_Host_Filter"><strong>Remote Host Filter</strong></a></font></td></tr><tr><td><blockquote>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Host Filter/Introduction"><!--()--></a><a name="Remote_Host_Filter/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The <strong>Remote Host Filter</strong> allows you to compare the
+    hostname of the client that submitted this request against one or more
+    <em>regular expressions</em>, and either allow the request to continue
+    or refuse to process the request from this client. </p>
+
+    <p>The syntax for <em>regular expressions</em> is different than that for
+    'standard' wildcard matching. Tomcat uses the <code>java.util.regex</code>
+    package. Please consult the Java documentation for details of the
+    expressions supported.</p>
+
+    <p><strong>Note:</strong> This filter processes the value returned by
+    method <code>ServletRequest.getRemoteHost()</code>. To allow the method
+    to return proper host names, you have to enable "DNS lookups" feature on
+    a <strong>Connector</strong>.</p>
+
+    <p>See also: <a href="#Remote_Address_Filter">Remote Address Filter</a>,
+    <a href="http.html">HTTP Connector</a> configuration.</p>
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Host Filter/Filter Class Name"><!--()--></a><a name="Remote_Host_Filter/Filter_Class_Name"><strong>Filter Class Name</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The filter class name for the Remote Address Filter is
+    <strong><code>org.apache.catalina.filters.RemoteHostFilter</code>
+    </strong>.</p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote Host Filter/Initialisation parameters"><!--()--></a><a name="Remote_Host_Filter/Initialisation_parameters"><strong>Initialisation parameters</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The <strong>Remote Host Filter</strong> supports the following
+    initialisation parameters:</p>
+
+    <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">allow</code></td><td align="left" valign="center">
+        <p>A regular expression (using <code>java.util.regex</code>) that the
+        remote client's hostname is compared to.  If this attribute
+        is specified, the remote hostname MUST match for this request to be
+        accepted.  If this attribute is not specified, all requests will be
+        accepted UNLESS the remote hostname matches a <code>deny</code>
+        pattern.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">deny</code></td><td align="left" valign="center">
+        <p>A regular expression (using <code>java.util.regex</code>) that the
+        remote client's hostname is compared to.  If this attribute
+        is specified, the remote hostname MUST NOT match for this request to be
+        accepted.  If this attribute is not specified, request acceptance is
+        governed solely by the <code>accept</code> attribute.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">denyStatus</code></td><td align="left" valign="center">
+        <p>HTTP response status code that is used when rejecting denied
+        request. The default value is <code>403</code>. For example,
+        it can be set to the value <code>404</code>.</p>
+      </td></tr></table>
+
+  </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote IP Filter"><!--()--></a><a name="Remote_IP_Filter"><strong>Remote IP Filter</strong></a></font></td></tr><tr><td><blockquote>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote IP Filter/Introduction"><!--()--></a><a name="Remote_IP_Filter/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>Tomcat port of
+    <a href="http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html">mod_remoteip</a>,
+    this filter replaces the apparent client remote IP address and hostname for
+    the request with the IP address list presented by a proxy or a load balancer
+    via a request headers (e.g. "X-Forwarded-For").</p>
+
+    <p>Another feature of this filter is to replace the apparent scheme
+    (http/https), server port and <code>request.secure</code> with the scheme presented
+    by a proxy or a load balancer via a request header
+    (e.g. "X-Forwarded-Proto").</p>
+
+    <p>If used in conjunction with Remote Address/Host filters then this filter
+    should be defined first to ensure that the correct client IP address is
+    presented to the Remote Address/Host filters.</p>
+
+    <p><strong>Note:</strong> By default this filter has no effect on the
+    values that are written into access log. The original values are restored
+    when request processing leaves the filter and that always happens earlier
+    than access logging. To pass the remote address, remote host, server port
+    and protocol values set by this filter to the access log,
+    they are put into request attributes. Publishing these values here
+    is enabled by default, but <code>AccessLogValve</code> should be explicitly
+    configured to use them. See documentation for
+    <code>requestAttributesEnabled</code> attribute of
+    <code>AccessLogValve</code>.</p>
+
+    <p>The names of request attributes that are set by this filter
+    and can be used by access logging are the following:</p>
+
+    <ul>
+      <li><code>org.apache.catalina.AccessLog.RemoteAddr</code></li>
+      <li><code>org.apache.catalina.AccessLog.RemoteHost</code></li>
+      <li><code>org.apache.catalina.AccessLog.Protocol</code></li>
+      <li><code>org.apache.catalina.AccessLog.ServerPort</code></li>
+    </ul>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote IP Filter/Filter Class Name"><!--()--></a><a name="Remote_IP_Filter/Filter_Class_Name"><strong>Filter Class Name</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The filter class name for the Remote IP Filter is
+    <strong><code>org.apache.catalina.filters.RemoteIpFilter</code>
+    </strong>.</p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Basic configuration to handle 'x-forwarded-for'"><!--()--></a><a name="Basic_configuration_to_handle_'x-forwarded-for'"><strong>Basic configuration to handle 'x-forwarded-for'</strong></a></font></td></tr><tr><td><blockquote>
+    <p>
+    The filter will process the <code>x-forwarded-for</code> http header.
+    </p>
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+      &lt;filter&gt;
+        &lt;filter-name&gt;RemoteIpFilter&lt;/filter-name&gt;
+        &lt;filter-class&gt;org.apache.catalina.filters.RemoteIpFilter&lt;/filter-class&gt;
+      &lt;/filter&gt;
+
+      &lt;filter-mapping&gt;
+        &lt;filter-name&gt;RemoteIpFilter&lt;/filter-name&gt;
+        &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+        &lt;dispatcher&gt;REQUEST&lt;/dispatcher&gt;
+      &lt;/filter-mapping&gt;
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Basic configuration to handle 'x-forwarded-for' and 'x-forwarded-proto'"><!--()--></a><a name="Basic_configuration_to_handle_'x-forwarded-for'_and_'x-forwarded-proto'"><strong>Basic configuration to handle 'x-forwarded-for' and 'x-forwarded-proto'</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>
+    The filter will process <code>x-forwarded-for</code> and
+    <code>x-forwarded-proto</code> http headers. Expected value for the
+    <code>x-forwarded-proto</code> header in case of SSL connections is
+    <code>https</code> (case insensitive). </p>
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+      &lt;filter&gt;
+        &lt;filter-name&gt;RemoteIpFilter&lt;/filter-name&gt;
+        &lt;filter-class&gt;org.apache.catalina.filters.RemoteIpFilter&lt;/filter-class&gt;
+        &lt;init-param&gt;
+          &lt;param-name&gt;protocolHeader&lt;/param-name&gt;
+          &lt;param-value&gt;x-forwarded-proto&lt;/param-value&gt;
+        &lt;/init-param&gt;
+      &lt;/filter&gt;
+
+      &lt;filter-mapping&gt;
+        &lt;filter-name&gt;RemoteIpFilter&lt;/filter-name&gt;
+        &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+        &lt;dispatcher&gt;REQUEST&lt;/dispatcher&gt;
+      &lt;/filter-mapping&gt;
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Advanced configuration with internal proxies"><!--()--></a><a name="Advanced_configuration_with_internal_proxies"><strong>Advanced configuration with internal proxies</strong></a></font></td></tr><tr><td><blockquote>
+    <p>RemoteIpFilter configuration: </p>
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+     &lt;filter&gt;
+       &lt;filter-name&gt;RemoteIpFilter&lt;/filter-name&gt;
+       &lt;filter-class&gt;org.apache.catalina.filters.RemoteIpFilter&lt;/filter-class&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;allowedInternalProxies&lt;/param-name&gt;
+         &lt;param-value&gt;192\.168\.0\.10|192\.168\.0\.11&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;remoteIpHeader&lt;/param-name&gt;
+         &lt;param-value&gt;x-forwarded-for&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;remoteIpProxiesHeader&lt;/param-name&gt;
+         &lt;param-value&gt;x-forwarded-by&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;protocolHeader&lt;/param-name&gt;
+         &lt;param-value&gt;x-forwarded-proto&lt;/param-value&gt;
+       &lt;/init-param&gt;
+     &lt;/filter&gt;
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+    <p>Request values:
+    <table border="1" cellpadding="5">
+      <tr>
+        <th bgcolor="#023264"><font color="#ffffff">Property</font></th>
+        <th bgcolor="#023264"><font color="#ffffff">Value Before RemoteIpFilter</font></th>
+        <th bgcolor="#023264"><font color="#ffffff">Value After RemoteIpFilter</font></th>
+      </tr>
+      <tr>
+        <td> request.remoteAddr </td>
+        <td> 192.168.0.10 </td>
+        <td> 140.211.11.130 </td>
+      </tr>
+      <tr>
+        <td> request.header<code>[</code>'x-forwarded-for'<code>]</code> </td>
+        <td> 140.211.11.130, 192.168.0.10 </td>
+        <td> null </td>
+      </tr>
+      <tr>
+        <td> request.header<code>[</code>'x-forwarded-by'<code>]</code> </td>
+        <td> null </td>
+        <td> null </td>
+      </tr>
+      <tr>
+        <td> request.header<code>[</code>'x-forwarded-proto'<code>]</code> </td>
+        <td> https </td>
+        <td> https </td>
+      </tr>
+      <tr>
+        <td> request.scheme </td>
+        <td> http </td>
+        <td> https </td>
+      </tr>
+      <tr>
+        <td> request.secure </td>
+        <td> false </td>
+        <td> true </td>
+      </tr>
+      <tr>
+        <td> request.serverPort </td>
+        <td> 80 </td>
+        <td> 443 </td>
+      </tr>
+    </table>
+    </p>
+    <p>
+    Note : <code>x-forwarded-by</code> header is <code>null</code> because only
+    internal proxies has been traversed by the request.
+    <code>x-forwarded-for</code> is <code>null</code> because all the proxies are
+    trusted or internal.
+    </p>
+  </blockquote></td></tr></table>
+
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Advanced configuration with trusted proxies"><!--()--></a><a name="Advanced_configuration_with_trusted_proxies"><strong>Advanced configuration with trusted proxies</strong></a></font></td></tr><tr><td><blockquote>
+    <p>RemoteIpFilter configuration: </p>
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+     &lt;filter&gt;
+       &lt;filter-name&gt;RemoteIpFilter&lt;/filter-name&gt;
+       &lt;filter-class&gt;org.apache.catalina.filters.RemoteIpFilter&lt;/filter-class&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;allowedInternalProxies&lt;/param-name&gt;
+         &lt;param-value&gt;192\.168\.0\.10|192\.168\.0\.11&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;remoteIpHeader&lt;/param-name&gt;
+         &lt;param-value&gt;x-forwarded-for&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;remoteIpProxiesHeader&lt;/param-name&gt;
+         &lt;param-value&gt;x-forwarded-by&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;trustedProxies&lt;/param-name&gt;
+         &lt;param-value&gt;proxy1|proxy2&lt;/param-value&gt;
+       &lt;/init-param&gt;
+     &lt;/filter&gt;
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+    <p>Request values: <table border="1" cellpadding="5">
+      <tr>
+        <th bgcolor="#023264"><font color="#ffffff">Property</font></th>
+        <th bgcolor="#023264"><font color="#ffffff">Value Before RemoteIpFilter</font></th>
+        <th bgcolor="#023264"><font color="#ffffff">Value After RemoteIpFilter</font></th>
+      </tr>
+      <tr>
+        <td> request.remoteAddr </td>
+        <td> 192.168.0.10 </td>
+        <td> 140.211.11.130 </td>
+      </tr>
+      <tr>
+        <td> request.header<code>[</code>'x-forwarded-for'<code>]</code> </td>
+        <td> 140.211.11.130, proxy1, proxy2 </td>
+        <td> null </td>
+      </tr>
+      <tr>
+        <td> request.header<code>[</code>'x-forwarded-by'<code>]</code> </td>
+        <td> null </td>
+        <td> proxy1, proxy2 </td>
+      </tr>
+    </table>
+    </p>
+    <p>
+    Note : <code>proxy1</code> and <code>proxy2</code> are both trusted proxies that
+    come in <code>x-forwarded-for</code> header, they both are migrated in
+    <code>x-forwarded-by</code> header. <code>x-forwarded-for</code> is <code>null</code>
+    because all the proxies are trusted or internal.
+    </p>
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Advanced configuration with internal and trusted proxies"><!--()--></a><a name="Advanced_configuration_with_internal_and_trusted_proxies"><strong>Advanced configuration with internal and trusted proxies</strong></a></font></td></tr><tr><td><blockquote>
+    <p>RemoteIpFilter configuration: </p>
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+     &lt;filter&gt;
+       &lt;filter-name&gt;RemoteIpFilter&lt;/filter-name&gt;
+       &lt;filter-class&gt;org.apache.catalina.filters.RemoteIpFilter&lt;/filter-class&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;allowedInternalProxies&lt;/param-name&gt;
+         &lt;param-value&gt;192\.168\.0\.10|192\.168\.0\.11&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;remoteIpHeader&lt;/param-name&gt;
+         &lt;param-value&gt;x-forwarded-for&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;remoteIpProxiesHeader&lt;/param-name&gt;
+         &lt;param-value&gt;x-forwarded-by&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;trustedProxies&lt;/param-name&gt;
+         &lt;param-value&gt;proxy1|proxy2&lt;/param-value&gt;
+       &lt;/init-param&gt;
+     &lt;/filter&gt;
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+    <p>Request values: <table border="1" cellpadding="5">
+      <tr>
+        <th bgcolor="#023264"><font color="#ffffff">Property</font></th>
+        <th bgcolor="#023264"><font color="#ffffff">Value Before RemoteIpFilter</font></th>
+        <th bgcolor="#023264"><font color="#ffffff">Value After RemoteIpFilter</font></th>
+      </tr>
+      <tr>
+        <td> request.remoteAddr </td>
+        <td> 192.168.0.10 </td>
+        <td> 140.211.11.130 </td>
+      </tr>
+      <tr>
+        <td> request.header<code>[</code>'x-forwarded-for'<code>]</code> </td>
+        <td> 140.211.11.130, proxy1, proxy2, 192.168.0.10 </td>
+        <td> null </td>
+      </tr>
+      <tr>
+        <td> request.header<code>[</code>'x-forwarded-by'<code>]</code> </td>
+        <td> null </td>
+        <td> proxy1, proxy2 </td>
+      </tr>
+    </table>
+    </p>
+    <p>
+    Note : <code>proxy1</code> and <code>proxy2</code> are both trusted proxies that
+    come in <code>x-forwarded-for</code> header, they both are migrated in
+    <code>x-forwarded-by</code> header. As <code>192.168.0.10</code> is an internal
+    proxy, it does not appear in <code>x-forwarded-by</code>.
+    <code>x-forwarded-for</code> is <code>null</code> because all the proxies are
+    trusted or internal.
+    </p>
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Advanced configuration with an untrusted proxy"><!--()--></a><a name="Advanced_configuration_with_an_untrusted_proxy"><strong>Advanced configuration with an untrusted proxy</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>RemoteIpFilter configuration: </p>
+    <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
+     &lt;filter&gt;
+       &lt;filter-name&gt;RemoteIpFilter&lt;/filter-name&gt;
+       &lt;filter-class&gt;org.apache.catalina.filters.RemoteIpFilter&lt;/filter-class&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;allowedInternalProxies&lt;/param-name&gt;
+         &lt;param-value&gt;192\.168\.0\.10|192\.168\.0\.11&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;remoteIpHeader&lt;/param-name&gt;
+         &lt;param-value&gt;x-forwarded-for&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;remoteIpProxiesHeader&lt;/param-name&gt;
+         &lt;param-value&gt;x-forwarded-by&lt;/param-value&gt;
+       &lt;/init-param&gt;
+       &lt;init-param&gt;
+         &lt;param-name&gt;trustedProxies&lt;/param-name&gt;
+         &lt;param-value&gt;proxy1|proxy2&lt;/param-value&gt;
+       &lt;/init-param&gt;
+     &lt;/filter&gt;
+    </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+    <p>Request values: <table border="1" cellpadding="5">
+      <tr>
+        <th bgcolor="#023264"><font color="#ffffff">Property</font></th>
+        <th bgcolor="#023264"><font color="#ffffff">Value Before RemoteIpFilter</font></th>
+        <th bgcolor="#023264"><font color="#ffffff">Value After RemoteIpFilter</font></th>
+      </tr>
+      <tr>
+        <td> request.remoteAddr </td>
+        <td> 192.168.0.10 </td>
+        <td> untrusted-proxy </td>
+      </tr>
+      <tr>
+        <td> request.header<code>[</code>'x-forwarded-for'<code>]</code> </td>
+        <td> 140.211.11.130, untrusted-proxy, proxy1 </td>
+        <td> 140.211.11.130 </td>
+      </tr>
+      <tr>
+        <td> request.header<code>[</code>'x-forwarded-by'<code>]</code> </td>
+        <td> null </td>
+        <td> proxy1 </td>
+      </tr>
+    </table>
+    </p>
+    <p>
+    Note : <code>x-forwarded-by</code> holds the trusted proxy <code>proxy1</code>.
+    <code>x-forwarded-by</code> holds <code>140.211.11.130</code> because
+    <code>untrusted-proxy</code> is not trusted and thus, we can not trust that
+    <code>untrusted-proxy</code> is the actual remote ip.
+    <code>request.remoteAddr</code> is <code>untrusted-proxy</code> that is an IP
+    verified by <code>proxy1</code>.
+    </p>
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Remote IP Filter/Initialisation parameters"><!--()--></a><a name="Remote_IP_Filter/Initialisation_parameters"><strong>Initialisation parameters</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The <strong>Remote IP Filter</strong> supports the
+    following initialisation parameters:</p>
+
+    <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code class="attributeName">remoteIpHeader</code></td><td align="left" valign="center">
+        <p>Name of the HTTP Header read by this valve that holds the list of
+        traversed IP addresses starting from the requesting client. If not
+        specified, the default of <code>x-forwarded-for</code> is used.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">internalProxies</code></td><td align="left" valign="center">
+        <p>Regular expression (using <code>java.util.regex</code>) that a
+        proxy's IP address must match to be considered an internal proxy.
+        Internal proxies that appear in the <strong>remoteIpHeader</strong> will
+        be trusted and will not appear in the <strong>proxiesHeader</strong>
+        value. If not specified the default value of <code>
+        10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}
+        </code> will be used.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">proxiesHeader</code></td><td align="left" valign="center">
+        <p>Name of the HTTP header created by this valve to hold the list of
+        proxies that have been processed in the incoming
+        <strong>remoteIpHeader</strong>. If not specified, the default of
+        <code>x-forwarded-by</code> is used.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">requestAttributesEnabled</code></td><td align="left" valign="center">
+        <p>Set to <code>true</code> to set the request attributes used by
+        AccessLog implementations to override the values returned by the
+        request for remote address, remote host, server port and protocol.
+        If not set, the default value of <code>true</code> will be used.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">trustedProxies</code></td><td align="left" valign="center">
+        <p>Regular expression (using <code>java.util.regex</code>) that a
+        proxy's IP address must match to be considered an trusted proxy.
+        Trusted proxies that appear in the <strong>remoteIpHeader</strong> will
+        be trusted and will appear in the <strong>proxiesHeader</strong> value.
+        If not specified, no proxies will be trusted.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">protocolHeader</code></td><td align="left" valign="center">
+        <p>Name of the HTTP Header read by this valve that holds the protocol
+        used by the client to connect to the proxy. If not specified, the
+        default of <code>null</code> is used.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">portHeader</code></td><td align="left" valign="center">
+        <p>Name of the HTTP Header read by this valve that holds the port
+        used by the client to connect to the proxy. If not specified, the
+        default of <code>null</code> is used.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">protocolHeaderHttpsValue</code></td><td align="left" valign="center">
+        <p>Value of the <strong>protocolHeader</strong> to indicate that it is
+        an HTTPS request. If not specified, the default of <code>https</code> is
+        used.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">httpServerPort</code></td><td align="left" valign="center">
+        <p>Value returned by <code>ServletRequest.getServerPort()</code>
+        when the <strong>protocolHeader</strong> indicates <code>http</code>
+        protocol and no <strong>portHeader</strong> is present. If not
+        specified, the default of <code>80</code> is used.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">httpsServerPort</code></td><td align="left" valign="center">
+        <p>Value returned by <code>ServletRequest.getServerPort()</code>
+        when the <strong>protocolHeader</strong> indicates <code>https</code>
+        protocol and no <strong>portHeader</strong> is present. If not
+        specified, the default of <code>443</code> is used.</p>
+      </td></tr><tr><td align="left" valign="center"><code class="attributeName">changeLocalPort</code></td><td align="left" valign="center">
+        <p>If <code>true</code>, the value returned by
+        <code>ServletRequest.getLocalPort()</code> and
+        <code>ServletRequest.getServerPort()</code> is modified by the this
+        filter. If not specified, the default of <code>false</code> is used.</p>
+      </td></tr></table>
+
+
+  </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Request Dumper Filter"><!--()--></a><a name="Request_Dumper_Filter"><strong>Request Dumper Filter</strong></a></font></td></tr><tr><td><blockquote>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Request Dumper Filter/Introduction"><!--()--></a><a name="Request_Dumper_Filter/Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The Request Dumper Filter logs information from the request and response
+    objects and is intended to be used for debugging purposes. When using this
+    Filter, it is recommended that the
+    <code>org.apache.catalina.filter.RequestDumperFilter</code> logger is
+    directed to a dedicated file and that the
+    <code>org.apache.juli.VerbatimFormmater</code> is used.</p>
+
+    <p><strong>WARNING: Using this filter has side-effects.</strong>  The
+    output from this filter includes any parameters included with the request.
+    The parameters will be decoded using the default platform encoding. Any
+    subsequent calls to <code>request.setCharacterEncoding()</code> within
+    the web application will have no effect.</p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Request Dumper Filter/Filter Class Name"><!--()--></a><a name="Request_Dumper_Filter/Filter_Class_Name"><strong>Filter Class Name</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The filter class name for the Request Dumper Filter is
+    <strong><code>org.apache.catalina.filters.RequestDumperFilter</code>
+    </strong>.</p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Request Dumper Filter/Initialisation parameters"><!--()--></a><a name="Request_Dumper_Filter/Initialisation_parameters"><strong>Initialisation parameters</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The Request Dumper Filter does not support any initialization
+    parameters.</p>
+
+  </blockquote></td></tr></table>
+
+  <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Sample Configuration"><!--()--></a><a name="Sample_Configuration"><strong>Sample Configuration</strong></a></font></td></tr><tr><td><blockquote>
+
+    <p>The following entries in a web application's web.xml would enable the
+    Request Dumper filter for all requests for that web application. If the

[... 169 lines stripped ...]


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message