tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jaikit <jaikit.sa...@yahoo.com>
Subject Re: Authenticate requests from localhost using tomcat RemoteAddrFilter
Date Tue, 25 Sep 2012 03:21:47 GMT
One of the platform team's filter was overriding the remote address with 
actual ip :(  I removed their filter and verified.
Apologies and thanks everyone for their time.

Thanks

On 9/24/12 11:58 AM, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jaikit,
>
> On 9/22/12 6:04 PM, Jaikit Savla wrote:
>> I have some admin api's which I want to have restricted access
> I think you mean APIs. "admin api's which" is a possessive even a
> native English speaker can't figure out.
>
>> - such that only if the request originates from localhost - it will
>> execute. For that I am using tomcat's RemoteAddrfilter
>>
>> <filter> <filter-name>Remote Address Filter</filter-name> ...
>> <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
>> ... </filter>
>>
>> Now when I execute the request from localhost - request fails with
>> 403. Reason being "REMOTE_ADDR" is set with actual ip of the
>> machine and filter does string comparison of ip. Hence it fails.
> How do you do the request? If it's like this:
>
>> -bash-4.1$ curl -v http://localhost/ws/local/info * About to
>> connect() to localhost port 80 (#0) *   Trying 127.0.0.1...
>> connected * Connected to localhost (127.0.0.1) port 80 (#0)
>>> GET /ws/local/vip/info HTTP/1.1 User-Agent: curl/7.21.7
>>> (x86_64-unknown-linux-gnu) libcurl/7.21.7 OpenSSL/0.9.8o
>>> zlib/1.2.3 libidn/1.18 libssh2/1.2.2 Host: localhost Accept: */*
>>>
>> < HTTP/1.1 403 Forbidden
> ...then I don't understand why you aren't getting 127.0.0.1 as the
> REMOTE_ADDR. Do you have anything weird in /etc/hosts like 'localhost
> 108.13.226.208' or any folishness with the routing table which makes
> localhost take the long route through ethX?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iEYEARECAAYFAlBgrU4ACgkQ9CaO5/Lv0PALmgCgwlIRgtaGRhsM03gvfDguTGJ8
> VpEAoKNpwD+zNmvBBsIqxv2/IngmAt1T
> =ExFV
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message