Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Received-SPF: pass (athena.apache.org: domain of jim.barber@ddihealth.com
 designates 116.212.244.102 as permitted sender)
Message-ID: <5236CD12.7030802@ddihealth.com>
Date: Mon, 16 Sep 2013 17:19:14 +0800
From: Jim Barber <jim.barber@ddihealth.com>
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64;
 rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
CC: =?ISO-8859-1?Q?Andr=E9_Warnier?= <aw@ice-sa.com>
Subject: Re: Filtering HTTP OPTIONS request method from logs?
References: <5236B676.1020200@ddihealth.com>
 <CAMwoAzf90H4x7U5dUdnDO9XhzurdrZZR4d3k4uOa2RYZdbwAVQ@mail.gmail.com>
 <5236C566.6040407@ice-sa.com>
In-Reply-To: <5236C566.6040407@ice-sa.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

On 16/09/2013 4:46 PM, Andr� Warnier wrote:
> Apologies for top posting, just following the trend.
>
> OPTIONS are used quite a bit by e.g. DAV clients.
> Won't you want also to add an IP filter then, to be able to block selectively only the requests from the proxies themselves ?
>
> C�dric Couralet wrote:
>> Hi,
>>
>> I'm also interested in a method to filter those OPTIONS.
>> With the same setup, I basically created my own AccessLogValve wich
>> does the filtering, something like :
>>
>> /**
>>      * Don't log request when HTTP Method is one of the exclude List
>>      */
>>     @Override
>>     public void log(Request request, Response response, long time) {
>>
>>         if (Arrays.asList(exclude.split(",")).contains(request.getMethod())) {
>>             return;
>>         }
>>
>>         super.log(request, response, time);
>>     }
>>
>> But there must be something better.
>>
>>
>> 2013/9/16 Jim Barber <jim.barber@ddihealth.com>:
>>> Hi all.
>>>
>>> I'm hoping someone on this list can help me since I've been reading docs,
>>> mailing lists, FAQs, and so on for hours now, and I'm not having much luck
>>> finding an answer to my question.
>>>
>>> I am using Tomcat version 7.0.42 as packaged in Debian Linux.
>>> In front of my Tomcat servers, I am using haproxy for load balancing.
>>> The haproxy load balancers are using the HTTP OPTIONS request method to
>>> check
>>> if the Tomcat servers are alive and healthy.
>>>
>>> This results in log entries like the following in the Tomcat accesslog file:
>>>
>>> 10.122.32.4 - - [16/Sep/2013:17:12:49 +1000] "OPTIONS / HTTP/1.0" 200 -
>>> 10.122.32.4 - - [16/Sep/2013:17:12:51 +1000] "OPTIONS / HTTP/1.0" 200 -
>>> 10.122.32.4 - - [16/Sep/2013:17:12:53 +1000] "OPTIONS / HTTP/1.0" 200 -
>>> 10.122.32.4 - - [16/Sep/2013:17:12:55 +1000] "OPTIONS / HTTP/1.0" 200 -
>>> 10.122.32.4 - - [16/Sep/2013:17:12:57 +1000] "OPTIONS / HTTP/1.0" 200 -
>>> 10.122.32.4 - - [16/Sep/2013:17:12:59 +1000] "OPTIONS / HTTP/1.0" 200 -
>>> 10.122.32.4 - - [16/Sep/2013:17:13:01 +1000] "OPTIONS / HTTP/1.0" 200 -
>>> 10.122.32.4 - - [16/Sep/2013:17:13:03 +1000] "OPTIONS / HTTP/1.0" 200 -
>>> 10.122.32.4 - - [16/Sep/2013:17:13:05 +1000] "OPTIONS / HTTP/1.0" 200 -
>>> 10.122.32.4 - - [16/Sep/2013:17:13:07 +1000] "OPTIONS / HTTP/1.0" 200 -
>>> 10.122.32.4 - - [16/Sep/2013:17:13:09 +1000] "OPTIONS / HTTP/1.0" 200 -
>>> 10.122.32.4 - - [16/Sep/2013:17:13:11 +1000] "OPTIONS / HTTP/1.0" 200 -
>>>
>>> At the moment I'm getting one of these every 2seconds, but I haven't enabled
>>> the second load balancer for HA purposes yet.
>>> When I do that, I'll be getting twice as many hits of this type.
>>>
>>> This is going to result in rather large log files full of noise that I'm not
>>> interested in.
>>> I've been trying to work out how to filter these out.
>>> Basically I don't want to log anything that is using the HTTP OPTIONS
>>> Request
>>> Method, but still want to log anything else that Tomcat usually logs.
>>>
>>> I have a feeling it will come down to modifying the following entry in the
>>> /etc/tomcat7/server.xml file:
>>>
>>> <Valve className="org.apache.catalina.valves.AccessLogValve"
>>> directory="logs"
>>>        prefix="localhost_access_log." suffix=".txt"
>>>        pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>>>
>>> Specifically adding the condition="<VALUE>" attribute, but I have no idea
>>> what to set
>>> <VALUE> to.
>>> The docs say that if ServletRequest.getAttribute(<VALUE>) returns null for
>>> the
>>> attribute defined in condition, then the item will be logged.
>>> Is there an ServletRequest attribute that is null when the http request
>>> method
>>> is not using "OPTIONS"?
>>>
>>> Or am I completely off track and there is a different way to filter these
>>> access log messages?
>>>
>>> Regards,
>>>
>>> --
>>> Jim Barber

Hi Andr�.

I'm not sure I follow what you're saying.
I don't want an IP filter, since I need the HTTP OPTIONS check from the load
balancers to reach the Tomcat servers and a response to come back, or else the
load balancers will think the tomcat instance is unhealthy.
I just don't want that check to be logged at all.

Although there are other things that use the HTTP OPTIONS check, these load
balancers are only exposed to internal traffic requesting specific servlets
from the Tomcat servers, and so there won't be anything else of interest using
the HTTP OPTIONS request methods to the Tomcat servers.


Hi C�dric.

What you posted is some Java code that needs to be compiled and then the
resulting class file put somewhere where Tomcat can find it right?
Is it only partial code where 'exclude' was some sort of pre-populated
comma separated string?
Just checking as it doesn't look like anything that you can put direct into a
Tomcat configuration file to me.
Or is it?

Regards,

Jim Barber

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org