tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Filtering HTTP OPTIONS request method from logs?
Date Mon, 16 Sep 2013 09:36:31 GMT
Jim Barber wrote:
> On 16/09/2013 4:46 PM, André Warnier wrote:
>> Apologies for top posting, just following the trend.
>>
>> OPTIONS are used quite a bit by e.g. DAV clients.
>> Won't you want also to add an IP filter then, to be able to block 
>> selectively only the requests from the proxies themselves ?
>>
>> Cédric Couralet wrote:
>>> Hi,
>>>
>>> I'm also interested in a method to filter those OPTIONS.
>>> With the same setup, I basically created my own AccessLogValve wich
>>> does the filtering, something like :
>>>
>>> /**
>>>      * Don't log request when HTTP Method is one of the exclude List
>>>      */
>>>     @Override
>>>     public void log(Request request, Response response, long time) {
>>>
>>>         if 
>>> (Arrays.asList(exclude.split(",")).contains(request.getMethod())) {
>>>             return;
>>>         }
>>>
>>>         super.log(request, response, time);
>>>     }
>>>
>>> But there must be something better.
>>>
>>>
>>> 2013/9/16 Jim Barber <jim.barber@ddihealth.com>:
>>>> Hi all.
>>>>
>>>> I'm hoping someone on this list can help me since I've been reading 
>>>> docs,
>>>> mailing lists, FAQs, and so on for hours now, and I'm not having 
>>>> much luck
>>>> finding an answer to my question.
>>>>
>>>> I am using Tomcat version 7.0.42 as packaged in Debian Linux.
>>>> In front of my Tomcat servers, I am using haproxy for load balancing.
>>>> The haproxy load balancers are using the HTTP OPTIONS request method to
>>>> check
>>>> if the Tomcat servers are alive and healthy.
>>>>
>>>> This results in log entries like the following in the Tomcat 
>>>> accesslog file:
>>>>
>>>> 10.122.32.4 - - [16/Sep/2013:17:12:49 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>> 10.122.32.4 - - [16/Sep/2013:17:12:51 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>> 10.122.32.4 - - [16/Sep/2013:17:12:53 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>> 10.122.32.4 - - [16/Sep/2013:17:12:55 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>> 10.122.32.4 - - [16/Sep/2013:17:12:57 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>> 10.122.32.4 - - [16/Sep/2013:17:12:59 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>> 10.122.32.4 - - [16/Sep/2013:17:13:01 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>> 10.122.32.4 - - [16/Sep/2013:17:13:03 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>> 10.122.32.4 - - [16/Sep/2013:17:13:05 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>> 10.122.32.4 - - [16/Sep/2013:17:13:07 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>> 10.122.32.4 - - [16/Sep/2013:17:13:09 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>> 10.122.32.4 - - [16/Sep/2013:17:13:11 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>>
>>>> At the moment I'm getting one of these every 2seconds, but I haven't 
>>>> enabled
>>>> the second load balancer for HA purposes yet.
>>>> When I do that, I'll be getting twice as many hits of this type.
>>>>
>>>> This is going to result in rather large log files full of noise that 
>>>> I'm not
>>>> interested in.
>>>> I've been trying to work out how to filter these out.
>>>> Basically I don't want to log anything that is using the HTTP OPTIONS
>>>> Request
>>>> Method, but still want to log anything else that Tomcat usually logs.
>>>>
>>>> I have a feeling it will come down to modifying the following entry 
>>>> in the
>>>> /etc/tomcat7/server.xml file:
>>>>
>>>> <Valve className="org.apache.catalina.valves.AccessLogValve"
>>>> directory="logs"
>>>>        prefix="localhost_access_log." suffix=".txt"
>>>>        pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>>>>
>>>> Specifically adding the condition="<VALUE>" attribute, but I have no

>>>> idea
>>>> what to set
>>>> <VALUE> to.
>>>> The docs say that if ServletRequest.getAttribute(<VALUE>) returns 
>>>> null for
>>>> the
>>>> attribute defined in condition, then the item will be logged.
>>>> Is there an ServletRequest attribute that is null when the http request
>>>> method
>>>> is not using "OPTIONS"?
>>>>
>>>> Or am I completely off track and there is a different way to filter 
>>>> these
>>>> access log messages?
>>>>
>>>> Regards,
>>>>
>>>> -- 
>>>> Jim Barber
> 
> Hi André.
> 
> I'm not sure I follow what you're saying.
> I don't want an IP filter, since I need the HTTP OPTIONS check from the 
> load
> balancers to reach the Tomcat servers and a response to come back, or 
> else the
> load balancers will think the tomcat instance is unhealthy.
> I just don't want that check to be logged at all.
> 
> Although there are other things that use the HTTP OPTIONS check, these load
> balancers are only exposed to internal traffic requesting specific servlets
> from the Tomcat servers, and so there won't be anything else of interest 
> using
> the HTTP OPTIONS request methods to the Tomcat servers.
> 
> 
> Hi Cédric.
> 
> What you posted is some Java code that needs to be compiled and then the
> resulting class file put somewhere where Tomcat can find it right?
yes.

> Is it only partial code where 'exclude' was some sort of pre-populated
> comma separated string?
yes, it was only the basic idea.

> Just checking as it doesn't look like anything that you can put direct 
> into a
> Tomcat configuration file to me.
> Or is it?
No.

There isn't any configuration option currently that I know of, which answers your need.
So the solution would be indeed to either modify the AccessLogValve code (which is openly

available), or override it (as Cedric seems to have done).

The remark that I made about the filtering of the OPTIONS requests in the logs by origin 
IP was generic, not specific to your case.
I do see a lot of such OPTIONS requests being logged also on servers which I manage, 
coming from internal watchdog software processes.  These are uninteresting for access log

purposes, and it would be nice to be able to filter them out.
On the other hand, and in general, there can also be OPTIONS requests coming from 
legitimate clients, which need to be logged.
So I did not suggest to filter all requests via IP, only to selectively log according to 
client IP.  The IP filtering would only concern the logging, not the request processing.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message