tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregor <rc4...@googlemail.com>
Subject Re: RemoteAddrValve and RemoteHostValve
Date Sun, 01 Mar 2009 00:25:24 GMT
marc,
do i understand you correct that you only whant to accept requests  
from "localhost"?
next: wouldn't authorization solve your problem?

rgds

gregor

Am 28.02.2009 um 19:14 schrieb Zak Mc Kracken <zakmck73@yahoo.it>:

> Thank you all for replies and detailed explanation. Now I understand  
> what's happening. My specific problem is restrict a single web  
> application to clients coming from localhost only. This was not  
> working (everything blocked):
>
> <Context>
>  <Valve className="org.apache.catalina.valves.RemoteHostValve"
>         allow="localhost"/>
>  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>         allow="127\.0\.0\.1" deny="" />
> </Context>
>
> I am using a Mac and, after your replies, I tried to see what  
> request.getRemoteAddr() and request.getRemoteHost(). Well, it turns  
> out that they both return "0:0:0:0:0:0:0:1%0", so now everything  
> works with:
>
> <Context>
>  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>         allow="127\.0\.0\.1,0:0:0:0:0:0:0:1\%0" deny="" />
> </Context>
>
>
> Moreover, André's reply is pretty convincing, although it seems to i 
> mply that RemoteHostValve should be avoided (isn't DNS reverse looku 
> p cached?) and cannot be chained with RemoteAddrValve. Of course one 
>  can do what you suggests, although this is a bit impractical in lar 
> ge networks where one wouldn't like to care about IP changes of symb 
> olic names. Worse, I don't see what I could do to grant access to si 
> ngle PCs in those LANs where users have fixed host names for their P 
> Cs, but DHCP-assigned IPs (OK, maybe it's a theoretical case, I woul 
> d probably switch to user/password).
>
> Cheers.
>
> Marco.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message