tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ognjen Blagojevic <>
Subject Re: redirect request from 8080 to port 80
Date Wed, 15 May 2013 12:47:05 GMT

On 15.5.2013 13:42, Anil Goyal -X (anigoyal - Aricent Technologies at 
Cisco) wrote:
> We are using tomcat version 7.0.25 and in server.xml, we have two connector port defined:80
(http)and 443(https).
> In /etc/sysconfig/iptables, we have redirect logic written that will redirect the request
coming at port 8080 to port 80, and request coming at port 8443 to 443.
> -A PREROUTING -p tcp -m tcp --dport 8443 -j REDIRECT --to-ports 443
> -A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80

Your configuration is a bit unusual. You have Tomcat running on port 80, 
but you add prerouting rule to iptables, so that Tomcat will also 
respond to port 8080, right? Would you explain what is your motivation 
for such configuration?

> Now when I hit the url 'http://request-uri:8080/context, then I am getting the desire
response. I have below query:
> 1.       Will the request firstly go to iptables before tomcat ?


> 2.       If request firstly go to iptable then it check that 8080 is redirect to port
80 then url change to 'http://request-uri:80/context' and it then land to tomcat and tomcat
respond to it. Now in tomcat access logs, the requesting port corresponding to this request
is 8080. So why it is 8080 in tomcat access logs.? Please revert on this. I think because
iptables redirect 8080 to 80 so tomcat receives the request at port 80 so in tomcat access
logs, requestiong port should be 80.

Iptables will not change the URL. Iptables merely redirects all packets 
received on port 8080 to port 80. It will not alter the contents of the 
packets. Therefore, Tomcat will receive your HTTP request as it is sent 
by your browser -- which means it will contain port 8080 and not port 
80. Tomcat processes the requests and logs the port as it is received, 
and that is 8080.

BTW, AccessLogValve does not log port by default, I assume you are using 
your own logging pattern.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message