tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stuart Fox <stu...@netxtra.net>
Subject RE: Some tomcat config questions
Date Thu, 27 Jul 2006 08:59:00 GMT

Any clues on this? I cant seem to figure it out

Cheers

Stuart 

-----Original Message-----
From: Stuart Fox [mailto:stuart@netxtra.net] 
Sent: 25 July 2006 16:12
To: 'Tomcat Users List'
Subject: RE: Some tomcat config questions


>> ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

> You need 4.1.32 for the ciphers parameter to take effect.

Worked a treat, cheers.

>> Second it says I have UserDir enabled (like apache mod_userdir I assume) but again
I cant find a way to disable it

>Remove the UserConfig listener from you host. See User Web
>Applications in
>http://tomcat.apache.org/tomcat-4.1-doc/config/host.html

Also worked a treat

>> Third if I telnet to port 80 and issue "GET / HTTP/1.0" the "Location" header contain
the local ip address not the public one, It's sat behind a firewall.
>> I tried the "server=external ip" in each connector but I still get the internal ip
address returned, any way to fix it?

>Not something I have ever done (or tested) but proxyName on the
>connector looks like what you want.

This one didn’t work, I'll try and explain a little better.

I've got a tomcat host listening on port 80, in front of it is a firewall that maps through
to port 80. The firewall ip is, say, 150.1.1.1 and the tomcat internal ip is 192.168.1.1.
There is one <connector> for port 80 in server.xml. There are approx 20 <host>
definitions bound to that port.
The problem comes when you telnet to the public ip(150.1.1.1) and issue "GET / HTTP/1.0".
In the response you get "Location: 192.168.1.1" therefore leaking the internal ip structure.

If I now put a proxyName="150.1.1.1" in the connector, every correct request to the <host>
addresses gets directed to "150.1.1.1" , even proper
"GET / HTTP/1.1
Hostname: www.hostedsite.com", ignoring the Hostname bit and showing the first listed <host>

Obviously not good for the hosted sites :)

Now, if I put a proxyName="www.hostedsite.com" in the <host> bit and proxyName="150.1.1.1"
in the <connector> bit, the <connector takes pref and sites still get directed to
"150.1.1.1", again not so good.

If I then remove the proxyName="150.1.1.1" from the <connector> bit and leave proxyName="www.hostedsite.com"
in the <host> bit I go back to the original problem, "192.168.1.1" is shown in the Location
header.

Is there a something like proxyName that works on <connector> but doesn’t hog every
request.

Hope I explained it clearly!

>> Lastly (I think) the version header is always "Apache-Coyote/1.1", any way to change
it to "Coyote" easily?

>Set the server parameter on each connector.

Again, worked a treat
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



This email and any files transmitted with it are confidential and intended solely for the
use of the individual or entity to whom they are addressed. If you have received this email
in error please notify netXtra Ltd. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent those of the company.
This email or any attachments do not constitute an offer. The contents of this e-mail and
any attachments may contain viruses that could damage your own computer systems.  Whilst netXtra
Ltd has taken every precaution to minimise this risk, we cannot accept liability for any damage
that you may sustain as a result of viruses


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message