tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Denying IPs using the Valve command in context.xml
Date Tue, 04 Oct 2011 19:08:56 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Francis,

On 10/4/2011 2:53 PM, Francis GALIEGUE wrote:
> On Tue, Oct 4, 2011 at 20:46, Christopher Schultz 
> <chris@christopherschultz.net> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> Francis,
>> 
>> On 10/4/2011 2:37 PM, Francis GALIEGUE wrote:
>>> On Tue, Oct 4, 2011 at 19:49, André Warnier <aw@ice-sa.com>
>>> wrote: [...]
>>> 
>>>> In this particular case, "\.googlebot\.com$" would be better 
>>>> (with the RemoteHostValve).
>>>> 
>>> 
>>> No, that would not even work, for there is a fatal flaw in all 
>>> existing Valves and Filters using regexes: they use the
>>> .matches() method of Matcher instead of .lookingAt(), which
>>> means you _must_ specify the whole hostname in the regex...
>> 
>> Are you saying that ".*\.googlebot\.com" doesn't work?
>> 
> 
> No, this would work. However, "\.googlebot\.com$" will not.

- From the docs:

"If this attribute [allow] is specified, the remote address MUST match
for this request to be accepted".

"If this attribute [deny] is specified, the remote address MUST NOT
match for this request to be accepted".

I don't think Matacher.lookingAt is appropriate for this kind of checking.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6LWcgACgkQ9CaO5/Lv0PC8xACgqAzmTNKrfbmpDZAkFK4RgjfV
C8gAn0f0bZB10jP6O1wjfJSl9tTYTBuK
=ejl6
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message