tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark H. Wood" <mw...@IUPUI.Edu>
Subject Re: problem with Remote Address Filter
Date Fri, 13 Sep 2013 15:27:15 GMT
On Thu, Sep 12, 2013 at 01:14:58PM -0700, Garey Mills wrote:
>     I'm running Apache Tomcat Version 7.0.29. I have inserted a Remote
> Address filter into server.xml inside of the <Host> tag. It is not blocking
> addresses that are not in <Allow>.

That's probably because Filters don't go there.  They are configured
in web.xml.

http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Introduction

See RemoteAddrValve for a component that can be configured in
server.xml or an external Context descriptor.

http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_Address_Filter

>     I am using the Remote Address filter because I want to allow access
> only to addresses in our institution's community. This is a large
> institution and we have 4 or 5 class B address ranges, maybe 10 class Cs,
> and a number of broken ranges. The regular expression runs to 8181
> characters without doubling up on \. It does, however, work in a test Java
> class that I wrote, correctly allowing and disallowing a test group of
> addresses.
> 
>     One question I have is that the example in
> 
> 
> http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Address_Filter
> 
> has single backslashes, but in order to make the pattern work in my test
> class, I had to double up on the slashes. I took a look at the
> RequestFilter code, and it looks like the pattern string is just passed to
> Pattern.compile, so the pattern in the filter should need double slashes.
> I've tried it both ways and neither worked.

If you are calling the filter from Java code, you probably are passing
it the pattern in a String constant.  The double backslashes are needed to
get single backslashes into the content of the String, because they are
string escapes in Java and must themselves be escaped.

The Tomcat configuration files are not Java and the conventions are
different.  Single backslashes work just fine for me with the
RemoteAddrValve, and I don't see why they should not work in
configuring the RemoteAddressFilter.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Machines should not be friendly.  Machines should be obedient.

Mime
View raw message