Tomcat 8 RemoteHostValve not working
Problem description
The access to my server should be limited to some remote hosts, and I want to allow Uptimerobot to monitor my server.
Currently uptimerobot always gets a 403 Forbidden.
The Server.xml I added looks like this:
<Server .........>
<Service name="Catalina">
<Engine>
<Value className="org.apache.catalina.valves.RemoteHostValve" allow=".*\.uptimerobot\.com" />
</Engine>
</Service>
To match all hosts in this list: UptimeRobot Whitelist
But after restarting the server nothing changed, still 403.
I also tried to use a domain name without wildcards, like this:
allow="engine19\.uptimerobot\.com"
allow="engine19.uptimerobot.com"
but still 403.
I tried to enable hostname lookups by adding
enableLookups="true"
to the <Connector tag, but again no effect.
But in my logs I see that the access is resolved to "engine19.uptimerobot.com", which matches my RemoteHost-Pattern.
Any ideas why it is still forbidden?
Access by IP with
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="63\.143\.42\.244"/>
is working. But I don't want to add the whole list of IPs there.
Is it possible that RemoteAddrValve and RemoteHostValve are disturbing each other?
Recommended answer
Check tomcat/logs/local_access_log... to see what host name was used for the 403.
I found that our company DNS reports some names in all uppercase and others in all lowercase. Use (?i) to have the regex be case insensitive:
allow="(?i)engine19\.uptimerobot\.com"
If you have both RemoteHostValve and RemoteAddrValve, both must allow an incoming host. If either does not allow it, then 403 will be returned.
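The two points of the answer can be checked offline with a small model. This is an added example, not code from the original post or from Tomcat: it assumes each valve tests its allow pattern against the whole string, uses Python's re in place of java.util.regex, and the function names, the 192.0.2.10 address and the sample host values are constructed for illustration.

```python
import re

def valve_allows(value, allow=None, deny=None):
    """Model of one valve: deny wins, then allow; patterns must match the whole value."""
    if deny is not None and re.fullmatch(deny, value):
        return False
    if allow is not None and re.fullmatch(allow, value):
        return True
    # Only a deny pattern is configured and it did not match: let the request pass.
    return deny is not None and allow is None

def status(remote_host, remote_addr, host_allow=None, addr_allow=None):
    """Return 200 only if every configured valve allows the request, else 403."""
    checks = []
    if host_allow is not None:   # RemoteHostValve configured
        checks.append(valve_allows(remote_host, allow=host_allow))
    if addr_allow is not None:   # RemoteAddrValve configured
        checks.append(valve_allows(remote_addr, allow=addr_allow))
    return 200 if all(checks) else 403

HOST = r"engine19\.uptimerobot\.com"           # pattern from the question
HOST_CI = r"(?i)engine19\.uptimerobot\.com"    # pattern from the answer
ADDR = "63.143.42.244"                         # address from the question

# Constructed cases: (label, remote_host, remote_addr, host_allow, addr_allow)
CASES = [
    ("lowercase name, case-sensitive pattern", "engine19.uptimerobot.com", ADDR, HOST, None),
    ("uppercase name from DNS, case-sensitive pattern", "ENGINE19.UPTIMEROBOT.COM", ADDR, HOST, None),
    ("uppercase name from DNS, (?i) pattern", "ENGINE19.UPTIMEROBOT.COM", ADDR, HOST_CI, None),
    ("host allowed, address valve lists another IP", "engine19.uptimerobot.com", ADDR, HOST_CI, r"192\.0\.2\.10"),
    ("host and address both allowed", "engine19.uptimerobot.com", ADDR, HOST_CI, r"63\.143\.42\.244"),
    ("no lookup done, host value is the IP text", ADDR, ADDR, HOST_CI, None),
    ("name only ends with an extra suffix", "engine19.uptimerobot.com.example.net", ADDR, HOST_CI, None),
]

def run_cases():
    """Evaluate every constructed case and return {label: status code}."""
    return {label: status(h, a, ha, aa) for label, h, a, ha, aa in CASES}

if __name__ == "__main__":
    for label, code in run_cases().items():
        print(f"{code}  {label}")
```

Comparing the host name recorded in the access log against the pattern in this way shows which valve produced the 403.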