[英]Tomcat 8 RemoteHostValve not working
The access to my server should be limited to some Remote hosts, and I want to allow Uptimerobot to monitor my server. 对我的服务器的访问应限于某些远程主机,我想允许Uptimerobot监视我的服务器。
Currently uptimerobot gets always a 403 Forbidden. 目前uptimerobot总是获得403 Forbidden。
I added Server.xml looks like this: 我添加了Server.xml,如下所示:
<Server .........>
<Service name="Catalina">
<Engine>
<Value className="org.apache.catalina.valves.RemoteHostValve" allow=".*\.uptimerobot\.com" />
</Engine>
</Service>
To match all hosts in this list UptimeRobot Whitelist 匹配此列表中的所有主机UptimeRobot白名单
But after restarting server nothing changed, still 403. 但重新启动服务器后没有任何改变,仍然是403。
I also tried to use a domain-name without wildcards like this: 我还尝试使用没有这样的通配符的域名:
allow="engine19\.uptimerobot\.com"
allow="engine19.uptimerobot.com"
But still 403, 但仍然是403,
I tried to enable hostnamelookups with adding 我试图通过添加启用hostnamelookups
enableLookups="true"
to the <Connector
tag, but again no effect. 到<Connector
标签,但再没有效果。
But in my logs I see that the access is resolved to "engine19.uptimerobot.com" wich matches my RemoteHost-Pattern. 但是在我的日志中,我看到访问被解析为“engine19.uptimerobot.com”,与我的RemoteHost-Pattern匹配。
Any Ideas, why it is still forbidden ? 任何想法,为什么它仍被禁止?
Access via IP with 通过IP访问
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="63\.143\.42\.244"/>
is working. 正在工作。 But I dont want to add the whole list of ips there. 但我不想在那里添加整个ips列表。 Is it possible that RemoteAddrValve
and RemoteHostValve
are disturbing eachother ? RemoteAddrValve
和RemoteHostValve
可能会相互干扰吗?
I have tried this and this worked for me 我试过这个,这对我有用
set useIPVHosts to true in connector (Inside server.xml). 在连接器中设置useIPVHosts为true(在server.xml内)。
I am using HTTP connector and it looks as follow 我正在使用HTTP连接器,它看起来如下
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
enableLookups="true"
useIPVHosts="true" />
Check tomcat/logs/local_access_log... to see what host name used for 403. 检查tomcat / logs / local_access_log ...以查看用于403的主机名。
I found that our company DNS reports some names in all uppercase and others in all lowercase. 我发现我们公司的DNS以全部大写形式报告一些名称,而其他名称全部以小写形式报告。 Use (?i) to have regex be case insensitive: 使用(?i)使正则表达式不区分大小写:
allow="(?i)engine19\.uptimerobot\.com"
If you have both RemoteHostValve and RemoteAddValve, both must allow an incoming host. 如果同时具有RemoteHostValve和RemoteAddValve,则两者都必须允许传入主机。 If either does not allow then 403 will be returned. 如果其中任何一个不允许,则返回403。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.