Tomcat 8 RemoteHostValve 不工作 [英] Tomcat 8 RemoteHostValve not working

问题描述

对我的服务器的访问应该仅限于某些远程主机，我希望允许 Uptimerobot 监控我的服务器.

The access to my server should be limited to some Remote hosts, and I want to allow Uptimerobot to monitor my server.

目前 uptimerobot 总是收到 403 Forbidden.

Currently uptimerobot gets always a 403 Forbidden.

我添加的 Server.xml 如下所示:

I added Server.xml looks like this:

<Server .........>
  <Service name="Catalina">
      <Engine>
        <Value className="org.apache.catalina.valves.RemoteHostValve" allow=".*\.uptimerobot\.com" />
      </Engine>
  </Service>

匹配此列表中的所有主机UptimeRobot 白名单

To match all hosts in this list UptimeRobot Whitelist

但是重启服务器后没有任何变化，仍然是403.

But after restarting server nothing changed, still 403.

我也尝试使用不带通配符的域名，如下所示:

I also tried to use a domain-name without wildcards like this:

allow="engine19\.uptimerobot\.com"
allow="engine19.uptimerobot.com"

但仍然是 403，

我尝试通过添加启用主机名查找

I tried to enable hostnamelookups with adding

enableLookups="true"

到<连接器标签，但同样没有效果.

to the <Connector tag, but again no effect.

但在我的日志中，我看到访问被解析为与我的 RemoteHost-Pattern 匹配的engine19.uptimerobot.com".

But in my logs I see that the access is resolved to "engine19.uptimerobot.com" wich matches my RemoteHost-Pattern.

任何想法，为什么它仍然被禁止?

Any Ideas, why it is still forbidden ?

通过 IP 访问

 <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="63\.143\.42\.244"/>

正在工作.但我不想在那里添加整个 ips 列表.RemoteAddrValve 和 RemoteHostValve 是否有可能互相干扰?

is working. But I dont want to add the whole list of ips there. Is it possible that RemoteAddrValve and RemoteHostValve are disturbing eachother ?

推荐答案

检查 tomcat/logs/local_access_log... 以查看 403 使用的主机名.

Check tomcat/logs/local_access_log... to see what host name used for 403.

我发现我们公司的 DNS 报告某些名称全部大写，而其他名称全部小写.使用 (?i) 使正则表达式不区分大小写:

I found that our company DNS reports some names in all uppercase and others in all lowercase. Use (?i) to have regex be case insensitive:

allow="(?i)engine19\.uptimerobot\.com"

如果您同时拥有 RemoteHostValve 和 RemoteAddValve，则两者都必须允许传入主机.如果其中一个不允许，则将返回 403.

If you have both RemoteHostValve and RemoteAddValve, both must allow an incoming host. If either does not allow then 403 will be returned.

这篇关于Tomcat 8 RemoteHostValve 不工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！