Lines 40-52
Link Here
|
40 |
web applications by configuring them in the application's |
40 |
web applications by configuring them in the application's |
41 |
<code>WEB-INF/web.xml</code>. Each filter is described below.</p> |
41 |
<code>WEB-INF/web.xml</code>. Each filter is described below.</p> |
42 |
|
42 |
|
43 |
<blockquote><em> |
43 |
<p><em>This description uses the variable name $CATALINA_BASE to refer the |
44 |
<p>This description uses the variable name $CATALINA_BASE to refer the |
|
|
45 |
base directory against which most relative paths are resolved. If you have |
44 |
base directory against which most relative paths are resolved. If you have |
46 |
not configured Tomcat for multiple instances by setting a CATALINA_BASE |
45 |
not configured Tomcat for multiple instances by setting a CATALINA_BASE |
47 |
directory, then $CATALINA_BASE will be set to the value of $CATALINA_HOME, |
46 |
directory, then $CATALINA_BASE will be set to the value of $CATALINA_HOME, |
48 |
the directory into which you have installed Tomcat.</p> |
47 |
the directory into which you have installed Tomcat.</em></p> |
49 |
</em></blockquote> |
|
|
50 |
|
48 |
|
51 |
</section> |
49 |
</section> |
52 |
|
50 |
|
Lines 110-125
Link Here
|
110 |
<a href="../images/cors-flowchart.png">flowchart</a> that |
108 |
<a href="../images/cors-flowchart.png">flowchart</a> that |
111 |
demonstrates request processing by this filter is available.</p> |
109 |
demonstrates request processing by this filter is available.</p> |
112 |
<p>The minimal configuration required to use this filter is:</p> |
110 |
<p>The minimal configuration required to use this filter is:</p> |
113 |
<source> |
111 |
<source><![CDATA[<filter> |
114 |
<filter> |
112 |
<filter-name>CorsFilter</filter-name> |
115 |
<filter-name>CorsFilter</filter-name> |
113 |
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class> |
116 |
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class> |
114 |
</filter> |
117 |
</filter> |
115 |
<filter-mapping> |
118 |
<filter-mapping> |
116 |
<filter-name>CorsFilter</filter-name> |
119 |
<filter-name>CorsFilter</filter-name> |
117 |
<url-pattern>/*</url-pattern> |
120 |
<url-pattern>/*</url-pattern> |
118 |
</filter-mapping>]]></source> |
121 |
</filter-mapping> |
|
|
122 |
</source> |
123 |
</subsection> |
119 |
</subsection> |
124 |
<subsection name="Filter Class Name"> |
120 |
<subsection name="Filter Class Name"> |
125 |
<p>The filter class name for the CORS Filter is |
121 |
<p>The filter class name for the CORS Filter is |
Lines 185-224
Link Here
|
185 |
</attributes> |
181 |
</attributes> |
186 |
<p>Here's an example of a more advanced configuration, that overrides |
182 |
<p>Here's an example of a more advanced configuration, that overrides |
187 |
defaults:</p> |
183 |
defaults:</p> |
188 |
<source> |
184 |
<source><![CDATA[<filter> |
189 |
<filter> |
185 |
<filter-name>CorsFilter</filter-name> |
190 |
<filter-name>CorsFilter</filter-name> |
186 |
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class> |
191 |
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class> |
187 |
<init-param> |
192 |
<init-param> |
188 |
<param-name>cors.allowed.origins</param-name> |
193 |
<param-name>cors.allowed.origins</param-name> |
189 |
<param-value>*</param-value> |
194 |
<param-value>*</param-value> |
190 |
</init-param> |
195 |
</init-param> |
191 |
<init-param> |
196 |
<init-param> |
192 |
<param-name>cors.allowed.methods</param-name> |
197 |
<param-name>cors.allowed.methods</param-name> |
193 |
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> |
198 |
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> |
194 |
</init-param> |
199 |
</init-param> |
195 |
<init-param> |
200 |
<init-param> |
196 |
<param-name>cors.allowed.headers</param-name> |
201 |
<param-name>cors.allowed.headers</param-name> |
197 |
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value> |
202 |
<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value> |
198 |
</init-param> |
203 |
</init-param> |
199 |
<init-param> |
204 |
<init-param> |
200 |
<param-name>cors.exposed.headers</param-name> |
205 |
<param-name>cors.exposed.headers</param-name> |
201 |
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value> |
206 |
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value> |
202 |
</init-param> |
207 |
</init-param> |
203 |
<init-param> |
208 |
<init-param> |
204 |
<param-name>cors.support.credentials</param-name> |
209 |
<param-name>cors.support.credentials</param-name> |
205 |
<param-value>true</param-value> |
210 |
<param-value>true</param-value> |
206 |
</init-param> |
211 |
</init-param> |
207 |
<init-param> |
212 |
<init-param> |
208 |
<param-name>cors.preflight.maxage</param-name> |
213 |
<param-name>cors.preflight.maxage</param-name> |
209 |
<param-value>10</param-value> |
214 |
<param-value>10</param-value> |
210 |
</init-param> |
215 |
</init-param> |
211 |
</filter> |
216 |
</filter> |
212 |
<filter-mapping> |
217 |
<filter-mapping> |
213 |
<filter-name>CorsFilter</filter-name> |
218 |
<filter-name>CorsFilter</filter-name> |
214 |
<url-pattern>/*</url-pattern> |
219 |
<url-pattern>/*</url-pattern> |
215 |
</filter-mapping>]]></source> |
220 |
</filter-mapping> |
|
|
221 |
</source> |
222 |
</subsection> |
216 |
</subsection> |
223 |
<subsection name="CORS Filter and HttpServletRequest attributes"> |
217 |
<subsection name="CORS Filter and HttpServletRequest attributes"> |
224 |
<p>CORS Filter adds information about the request, in HttpServletRequest |
218 |
<p>CORS Filter adds information about the request, in HttpServletRequest |
Lines 353-384
Link Here
|
353 |
headers to images, css and javascript. |
347 |
headers to images, css and javascript. |
354 |
</p> |
348 |
</p> |
355 |
|
349 |
|
356 |
<source> |
350 |
<source><![CDATA[<filter> |
357 |
<filter> |
351 |
<filter-name>ExpiresFilter</filter-name> |
358 |
<filter-name>ExpiresFilter</filter-name> |
352 |
<filter-class>org.apache.catalina.filters.ExpiresFilter</filter-class> |
359 |
<filter-class>org.apache.catalina.filters.ExpiresFilter</filter-class> |
353 |
<init-param> |
360 |
<init-param> |
354 |
<param-name>ExpiresByType image</param-name> |
361 |
<param-name>ExpiresByType image</param-name> |
355 |
<param-value>access plus 10 minutes</param-value> |
362 |
<param-value>access plus 10 minutes</param-value> |
356 |
</init-param> |
363 |
</init-param> |
357 |
<init-param> |
364 |
<init-param> |
358 |
<param-name>ExpiresByType text/css</param-name> |
365 |
<param-name>ExpiresByType text/css</param-name> |
359 |
<param-value>access plus 10 minutes</param-value> |
366 |
<param-value>access plus 10 minutes</param-value> |
360 |
</init-param> |
367 |
</init-param> |
361 |
<init-param> |
368 |
<init-param> |
362 |
<param-name>ExpiresByType application/javascript</param-name> |
369 |
<param-name>ExpiresByType application/javascript</param-name> |
363 |
<param-value>access plus 10 minutes</param-value> |
370 |
<param-value>access plus 10 minutes</param-value> |
364 |
</init-param> |
371 |
</init-param> |
365 |
</filter> |
372 |
</filter> |
|
|
373 |
... |
366 |
... |
374 |
<filter-mapping> |
367 |
<filter-mapping> |
375 |
<filter-name>ExpiresFilter</filter-name> |
368 |
<filter-name>ExpiresFilter</filter-name> |
376 |
<url-pattern>/*</url-pattern> |
369 |
<url-pattern>/*</url-pattern> |
377 |
<dispatcher>REQUEST</dispatcher> |
370 |
<dispatcher>REQUEST</dispatcher> |
378 |
</filter-mapping> |
371 |
</filter-mapping>]]></source> |
379 |
|
372 |
|
380 |
</source> |
|
|
381 |
|
382 |
</subsection> |
373 |
</subsection> |
383 |
|
374 |
|
384 |
<subsection name="Alternate Syntax"> |
375 |
<subsection name="Alternate Syntax"> |
Lines 387-420
Link Here
|
387 |
defined in a more readable syntax of the form: |
378 |
defined in a more readable syntax of the form: |
388 |
</p> |
379 |
</p> |
389 |
|
380 |
|
390 |
<source> |
381 |
<source><![CDATA[<init-param> |
391 |
<init-param> |
382 |
<param-name>ExpiresDefault</param-name> |
392 |
<param-name>ExpiresDefault</param-name> |
383 |
<param-value><base> [plus] {<num> <type>}*</param-value> |
393 |
<param-value><base> [plus] {<num> <type>}*</param-value> |
384 |
</init-param> |
394 |
</init-param> |
|
|
395 |
|
385 |
|
396 |
<init-param> |
386 |
<init-param> |
397 |
<param-name>ExpiresByType type</param-name> |
387 |
<param-name>ExpiresByType type</param-name> |
398 |
<param-value><base> [plus] {<num> <type>}*</param-value> |
388 |
<param-value><base> [plus] {<num> <type>}*</param-value> |
399 |
</init-param> |
389 |
</init-param> |
400 |
|
390 |
|
401 |
<init-param> |
391 |
<init-param> |
402 |
<param-name>ExpiresByType type;encoding</param-name> |
392 |
<param-name>ExpiresByType type;encoding</param-name> |
403 |
<param-value><base> [plus] {<num> <type>}*</param-value> |
393 |
<param-value><base> [plus] {<num> <type>}*</param-value> |
404 |
</init-param> |
394 |
</init-param>]]></source> |
405 |
</source> |
|
|
406 |
<p> |
395 |
<p> |
407 |
where <code><base></code> is one of: |
396 |
where <code><base></code> is one of: |
|
|
397 |
</p> |
408 |
<ul> |
398 |
<ul> |
409 |
<li><code>access</code></li> |
399 |
<li><code>access</code></li> |
410 |
<li><code>now</code> (equivalent to '<code>access</code>')</li> |
400 |
<li><code>now</code> (equivalent to '<code>access</code>')</li> |
411 |
<li><code>modification</code></li> |
401 |
<li><code>modification</code></li> |
412 |
</ul> |
402 |
</ul> |
413 |
</p> |
403 |
|
414 |
<p> |
404 |
<p> |
415 |
The <code>plus</code> keyword is optional. <code><num></code> should be an |
405 |
The <code>plus</code> keyword is optional. <code><num></code> should be an |
416 |
integer value (acceptable to <code>Integer.parseInt()</code>), and |
406 |
integer value (acceptable to <code>Integer.parseInt()</code>), and |
417 |
<code><type></code> is one of: |
407 |
<code><type></code> is one of: |
|
|
408 |
</p> |
418 |
<ul> |
409 |
<ul> |
419 |
<li><code>years</code></li> |
410 |
<li><code>years</code></li> |
420 |
<li><code>months</code></li> |
411 |
<li><code>months</code></li> |
Lines 424-465
Link Here
|
424 |
<li><code>minutes</code></li> |
415 |
<li><code>minutes</code></li> |
425 |
<li><code>seconds</code></li> |
416 |
<li><code>seconds</code></li> |
426 |
</ul> |
417 |
</ul> |
|
|
418 |
<p> |
427 |
For example, any of the following directives can be used to make documents |
419 |
For example, any of the following directives can be used to make documents |
428 |
expire 1 month after being accessed, by default: |
420 |
expire 1 month after being accessed, by default: |
429 |
</p> |
421 |
</p> |
430 |
|
422 |
|
431 |
<source> |
423 |
<source><![CDATA[<init-param> |
432 |
<init-param> |
424 |
<param-name>ExpiresDefault</param-name> |
433 |
<param-name>ExpiresDefault</param-name> |
425 |
<param-value>access plus 1 month</param-value> |
434 |
<param-value>access plus 1 month</param-value> |
426 |
</init-param> |
435 |
</init-param> |
|
|
436 |
|
427 |
|
437 |
<init-param> |
428 |
<init-param> |
438 |
<param-name>ExpiresDefault</param-name> |
429 |
<param-name>ExpiresDefault</param-name> |
439 |
<param-value>access plus 4 weeks</param-value> |
430 |
<param-value>access plus 4 weeks</param-value> |
440 |
</init-param> |
431 |
</init-param> |
441 |
|
432 |
|
442 |
<init-param> |
433 |
<init-param> |
443 |
<param-name>ExpiresDefault</param-name> |
434 |
<param-name>ExpiresDefault</param-name> |
444 |
<param-value>access plus 30 days</param-value> |
435 |
<param-value>access plus 30 days</param-value> |
445 |
</init-param> |
436 |
</init-param>]]></source> |
446 |
</source> |
|
|
447 |
<p> |
437 |
<p> |
448 |
The expiry time can be fine-tuned by adding several ' |
438 |
The expiry time can be fine-tuned by adding several ' |
449 |
<code><num> <type></code>' clauses: |
439 |
<code><num> <type></code>' clauses: |
450 |
</p> |
440 |
</p> |
451 |
|
441 |
|
452 |
<source> |
442 |
<source><![CDATA[<init-param> |
453 |
<init-param> |
443 |
<param-name>ExpiresByType text/html</param-name> |
454 |
<param-name>ExpiresByType text/html</param-name> |
444 |
<param-value>access plus 1 month 15 days 2 hours</param-value> |
455 |
<param-value>access plus 1 month 15 days 2 hours</param-value> |
445 |
</init-param> |
456 |
</init-param> |
|
|
457 |
|
446 |
|
458 |
<init-param> |
447 |
<init-param> |
459 |
<param-name>ExpiresByType image/gif</param-name> |
448 |
<param-name>ExpiresByType image/gif</param-name> |
460 |
<param-value>modification plus 5 hours 3 minutes</param-value> |
449 |
<param-value>modification plus 5 hours 3 minutes</param-value> |
461 |
</init-param> |
450 |
</init-param>]]></source> |
462 |
</source> |
|
|
463 |
<p> |
451 |
<p> |
464 |
Note that if you use a modification date based setting, the <code>Expires</code> |
452 |
Note that if you use a modification date based setting, the <code>Expires</code> |
465 |
header will <strong>not</strong> be added to content that does not come from |
453 |
header will <strong>not</strong> be added to content that does not come from |
Lines 471-476
Link Here
|
471 |
<subsection name="Expiration headers generation eligibility"> |
459 |
<subsection name="Expiration headers generation eligibility"> |
472 |
<p> |
460 |
<p> |
473 |
A response is eligible to be enriched by <code>ExpiresFilter</code> if : |
461 |
A response is eligible to be enriched by <code>ExpiresFilter</code> if : |
|
|
462 |
</p> |
474 |
<ol> |
463 |
<ol> |
475 |
<li>no expiration header is defined (<code>Expires</code> header or the |
464 |
<li>no expiration header is defined (<code>Expires</code> header or the |
476 |
<code>max-age</code> directive of the <code>Cache-Control</code> header),</li> |
465 |
<code>max-age</code> directive of the <code>Cache-Control</code> header),</li> |
Lines 480-486
Link Here
|
480 |
defined the in <code>ExpiresByType</code> directives or the |
469 |
defined the in <code>ExpiresByType</code> directives or the |
481 |
<code>ExpiresDefault</code> directive is defined.</li> |
470 |
<code>ExpiresDefault</code> directive is defined.</li> |
482 |
</ol> |
471 |
</ol> |
483 |
</p> |
472 |
|
484 |
<p> |
473 |
<p> |
485 |
Note : If <code>Cache-Control</code> header contains other directives than |
474 |
Note : If <code>Cache-Control</code> header contains other directives than |
486 |
<code>max-age</code>, they are concatenated with the <code>max-age</code> directive |
475 |
<code>max-age</code>, they are concatenated with the <code>max-age</code> directive |
Lines 492-497
Link Here
|
492 |
<subsection name="Expiration configuration selection"> |
481 |
<subsection name="Expiration configuration selection"> |
493 |
<p> |
482 |
<p> |
494 |
The expiration configuration if elected according to the following algorithm: |
483 |
The expiration configuration if elected according to the following algorithm: |
|
|
484 |
</p> |
495 |
<ol> |
485 |
<ol> |
496 |
<li><code>ExpiresByType</code> matching the exact content-type returned by |
486 |
<li><code>ExpiresByType</code> matching the exact content-type returned by |
497 |
<code>HttpServletResponse.getContentType()</code> possibly including the charset |
487 |
<code>HttpServletResponse.getContentType()</code> possibly including the charset |
Lines 505-511
Link Here
|
505 |
'),</li> |
495 |
'),</li> |
506 |
<li><code>ExpiresDefault</code></li> |
496 |
<li><code>ExpiresDefault</code></li> |
507 |
</ol> |
497 |
</ol> |
508 |
</p> |
498 |
|
509 |
</subsection> |
499 |
</subsection> |
510 |
|
500 |
|
511 |
<subsection name="Filter Class Name"> |
501 |
<subsection name="Filter Class Name"> |
Lines 600-628
Link Here
|
600 |
</attribute> |
590 |
</attribute> |
601 |
</attributes> |
591 |
</attributes> |
602 |
|
592 |
|
603 |
<p><i>Sample : exclude response status codes 302, 500 and 503</i></p> |
593 |
<p><i>Sample: exclude response status codes 302, 500 and 503</i></p> |
604 |
|
594 |
|
605 |
<source> |
595 |
<source><![CDATA[<init-param> |
606 |
<init-param> |
596 |
<param-name>ExpiresExcludedResponseStatusCodes</param-name> |
607 |
<param-name>ExpiresExcludedResponseStatusCodes</param-name> |
597 |
<param-value>302, 500, 503</param-value> |
608 |
<param-value>302, 500, 503</param-value> |
598 |
</init-param>]]></source> |
609 |
</init-param> |
|
|
610 |
</source> |
611 |
|
599 |
|
612 |
<p><i>Sample for ExpiresByType initialization parameter</i></p> |
600 |
<p><i>Sample for ExpiresByType initialization parameter</i></p> |
613 |
|
601 |
|
614 |
<source> |
602 |
<source><![CDATA[<init-param> |
615 |
<init-param> |
603 |
<param-name>ExpiresByType text/html</param-name> |
616 |
<param-name>ExpiresByType text/html</param-name> |
604 |
<param-value>access plus 1 month 15 days 2 hours</param-value> |
617 |
<param-value>access plus 1 month 15 days 2 hours</param-value> |
605 |
</init-param> |
618 |
</init-param> |
|
|
619 |
|
606 |
|
620 |
<init-param> |
607 |
<init-param> |
621 |
<!-- 2592000 seconds = 30 days --> |
608 |
<!-- 2592000 seconds = 30 days --> |
622 |
<param-name>ExpiresByType image/gif</param-name> |
609 |
<param-name>ExpiresByType image/gif</param-name> |
623 |
<param-value>A2592000</param-value> |
610 |
<param-value>A2592000</param-value> |
624 |
</init-param> |
611 |
</init-param>]]></source> |
625 |
</source> |
|
|
626 |
|
612 |
|
627 |
</subsection> |
613 |
</subsection> |
628 |
|
614 |
|
Lines 635-649
Link Here
|
635 |
Extract of logging.properties |
621 |
Extract of logging.properties |
636 |
</p> |
622 |
</p> |
637 |
|
623 |
|
638 |
<source> |
624 |
<source>org.apache.catalina.filters.ExpiresFilter.level = FINE </source> |
639 |
org.apache.catalina.filters.ExpiresFilter.level = FINE |
|
|
640 |
</source> |
641 |
<p> |
625 |
<p> |
642 |
Sample of initialization log message: |
626 |
Sample of initialization log message: |
643 |
</p> |
627 |
</p> |
644 |
|
628 |
|
645 |
<source> |
629 |
<source>Mar 26, 2010 2:01:41 PM org.apache.catalina.filters.ExpiresFilter init |
646 |
Mar 26, 2010 2:01:41 PM org.apache.catalina.filters.ExpiresFilter init |
|
|
647 |
FINE: Filter initialized with configuration ExpiresFilter[ |
630 |
FINE: Filter initialized with configuration ExpiresFilter[ |
648 |
excludedResponseStatusCode=[304], |
631 |
excludedResponseStatusCode=[304], |
649 |
default=null, |
632 |
default=null, |
Lines 650-657
Link Here
|
650 |
byType={ |
633 |
byType={ |
651 |
image=ExpiresConfiguration[startingPoint=ACCESS_TIME, duration=[10 MINUTE]], |
634 |
image=ExpiresConfiguration[startingPoint=ACCESS_TIME, duration=[10 MINUTE]], |
652 |
text/css=ExpiresConfiguration[startingPoint=ACCESS_TIME, duration=[10 MINUTE]], |
635 |
text/css=ExpiresConfiguration[startingPoint=ACCESS_TIME, duration=[10 MINUTE]], |
653 |
text/javascript=ExpiresConfiguration[startingPoint=ACCESS_TIME, duration=[10 MINUTE]]}] |
636 |
text/javascript=ExpiresConfiguration[startingPoint=ACCESS_TIME, duration=[10 MINUTE]]}]</source> |
654 |
</source> |
|
|
655 |
<p> |
637 |
<p> |
656 |
Sample of per-request log message where <code>ExpiresFilter</code> adds an |
638 |
Sample of per-request log message where <code>ExpiresFilter</code> adds an |
657 |
expiration date is below. The message is on one line and is wrapped here |
639 |
expiration date is below. The message is on one line and is wrapped here |
Lines 658-678
Link Here
|
658 |
for better readability. |
640 |
for better readability. |
659 |
</p> |
641 |
</p> |
660 |
|
642 |
|
661 |
<source> |
643 |
<source>Mar 26, 2010 2:09:47 PM org.apache.catalina.filters.ExpiresFilter onBeforeWriteResponseBody |
662 |
Mar 26, 2010 2:09:47 PM org.apache.catalina.filters.ExpiresFilter onBeforeWriteResponseBody |
|
|
663 |
FINE: Request "/tomcat.gif" with response status "200" |
644 |
FINE: Request "/tomcat.gif" with response status "200" |
664 |
content-type "image/gif", set expiration date 3/26/10 2:19 PM |
645 |
content-type "image/gif", set expiration date 3/26/10 2:19 PM</source> |
665 |
</source> |
|
|
666 |
<p> |
646 |
<p> |
667 |
Sample of per-request log message where <code>ExpiresFilter</code> does not add |
647 |
Sample of per-request log message where <code>ExpiresFilter</code> does not add |
668 |
an expiration date: |
648 |
an expiration date: |
669 |
</p> |
649 |
</p> |
670 |
|
650 |
|
671 |
<source> |
651 |
<source>Mar 26, 2010 2:10:27 PM org.apache.catalina.filters.ExpiresFilter onBeforeWriteResponseBody |
672 |
Mar 26, 2010 2:10:27 PM org.apache.catalina.filters.ExpiresFilter onBeforeWriteResponseBody |
|
|
673 |
FINE: Request "/docs/config/manager.html" with response status "200" |
652 |
FINE: Request "/docs/config/manager.html" with response status "200" |
674 |
content-type "text/html", no expiration configured |
653 |
content-type "text/html", no expiration configured</source> |
675 |
</source> |
|
|
676 |
</subsection> |
654 |
</subsection> |
677 |
|
655 |
|
678 |
</section> |
656 |
</section> |
Lines 789-808
Link Here
|
789 |
|
767 |
|
790 |
<subsection name="Example"> |
768 |
<subsection name="Example"> |
791 |
<p>To allow access only for the clients connecting from localhost:</p> |
769 |
<p>To allow access only for the clients connecting from localhost:</p> |
792 |
<source> |
770 |
<source><![CDATA[ <filter> |
793 |
<filter> |
771 |
<filter-name>Remote Address Filter</filter-name> |
794 |
<filter-name>Remote Address Filter</filter-name> |
772 |
<filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class> |
795 |
<filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class> |
773 |
<init-param> |
796 |
<init-param> |
774 |
<param-name>allow</param-name> |
797 |
<param-name>allow</param-name> |
775 |
<param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value> |
798 |
<param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value> |
776 |
</init-param> |
799 |
</init-param> |
777 |
</filter> |
800 |
</filter> |
778 |
<filter-mapping> |
801 |
<filter-mapping> |
779 |
<filter-name>Remote Address Filter</filter-name> |
802 |
<filter-name>Remote Address Filter</filter-name> |
780 |
<url-pattern>/*</url-pattern> |
803 |
<url-pattern>/*</url-pattern> |
781 |
</filter-mapping>]]></source> |
804 |
</filter-mapping> |
|
|
805 |
</source> |
806 |
</subsection> |
782 |
</subsection> |
807 |
|
783 |
|
808 |
</section> |
784 |
</section> |
Lines 930-947
Link Here
|
930 |
<p> |
906 |
<p> |
931 |
The filter will process the <code>x-forwarded-for</code> http header. |
907 |
The filter will process the <code>x-forwarded-for</code> http header. |
932 |
</p> |
908 |
</p> |
933 |
<source> |
909 |
<source><![CDATA[ <filter> |
934 |
<filter> |
910 |
<filter-name>RemoteIpFilter</filter-name> |
935 |
<filter-name>RemoteIpFilter</filter-name> |
911 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
936 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
912 |
</filter> |
937 |
</filter> |
|
|
938 |
|
913 |
|
939 |
<filter-mapping> |
914 |
<filter-mapping> |
940 |
<filter-name>RemoteIpFilter</filter-name> |
915 |
<filter-name>RemoteIpFilter</filter-name> |
941 |
<url-pattern>/*</url-pattern> |
916 |
<url-pattern>/*</url-pattern> |
942 |
<dispatcher>REQUEST</dispatcher> |
917 |
<dispatcher>REQUEST</dispatcher> |
943 |
</filter-mapping> |
918 |
</filter-mapping>]]></source> |
944 |
</source> |
|
|
945 |
</subsection> |
919 |
</subsection> |
946 |
|
920 |
|
947 |
<subsection name="Basic configuration to handle 'x-forwarded-for' and 'x-forwarded-proto'"> |
921 |
<subsection name="Basic configuration to handle 'x-forwarded-for' and 'x-forwarded-proto'"> |
Lines 951-1004
Link Here
|
951 |
<code>x-forwarded-proto</code> http headers. Expected value for the |
925 |
<code>x-forwarded-proto</code> http headers. Expected value for the |
952 |
<code>x-forwarded-proto</code> header in case of SSL connections is |
926 |
<code>x-forwarded-proto</code> header in case of SSL connections is |
953 |
<code>https</code> (case insensitive). </p> |
927 |
<code>https</code> (case insensitive). </p> |
954 |
<source> |
928 |
<source><![CDATA[ <filter> |
955 |
<filter> |
929 |
<filter-name>RemoteIpFilter</filter-name> |
956 |
<filter-name>RemoteIpFilter</filter-name> |
930 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
957 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
931 |
<init-param> |
958 |
<init-param> |
932 |
<param-name>protocolHeader</param-name> |
959 |
<param-name>protocolHeader</param-name> |
933 |
<param-value>x-forwarded-proto</param-value> |
960 |
<param-value>x-forwarded-proto</param-value> |
934 |
</init-param> |
961 |
</init-param> |
935 |
</filter> |
962 |
</filter> |
|
|
963 |
|
936 |
|
964 |
<filter-mapping> |
937 |
<filter-mapping> |
965 |
<filter-name>RemoteIpFilter</filter-name> |
938 |
<filter-name>RemoteIpFilter</filter-name> |
966 |
<url-pattern>/*</url-pattern> |
939 |
<url-pattern>/*</url-pattern> |
967 |
<dispatcher>REQUEST</dispatcher> |
940 |
<dispatcher>REQUEST</dispatcher> |
968 |
</filter-mapping> |
941 |
</filter-mapping>]]></source> |
969 |
</source> |
|
|
970 |
</subsection> |
942 |
</subsection> |
971 |
|
943 |
|
972 |
<subsection name="Advanced configuration with internal proxies"> |
944 |
<subsection name="Advanced configuration with internal proxies"> |
973 |
<p>RemoteIpFilter configuration: </p> |
945 |
<p>RemoteIpFilter configuration: </p> |
974 |
<source> |
946 |
<source><![CDATA[ <filter> |
975 |
<filter> |
947 |
<filter-name>RemoteIpFilter</filter-name> |
976 |
<filter-name>RemoteIpFilter</filter-name> |
948 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
977 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
949 |
<init-param> |
978 |
<init-param> |
950 |
<param-name>allowedInternalProxies</param-name> |
979 |
<param-name>allowedInternalProxies</param-name> |
951 |
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value> |
980 |
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value> |
952 |
</init-param> |
981 |
</init-param> |
953 |
<init-param> |
982 |
<init-param> |
954 |
<param-name>remoteIpHeader</param-name> |
983 |
<param-name>remoteIpHeader</param-name> |
955 |
<param-value>x-forwarded-for</param-value> |
984 |
<param-value>x-forwarded-for</param-value> |
956 |
</init-param> |
985 |
</init-param> |
957 |
<init-param> |
986 |
<init-param> |
958 |
<param-name>remoteIpProxiesHeader</param-name> |
987 |
<param-name>remoteIpProxiesHeader</param-name> |
959 |
<param-value>x-forwarded-by</param-value> |
988 |
<param-value>x-forwarded-by</param-value> |
960 |
</init-param> |
989 |
</init-param> |
961 |
<init-param> |
990 |
<init-param> |
962 |
<param-name>protocolHeader</param-name> |
991 |
<param-name>protocolHeader</param-name> |
963 |
<param-value>x-forwarded-proto</param-value> |
992 |
<param-value>x-forwarded-proto</param-value> |
964 |
</init-param> |
993 |
</init-param> |
965 |
</filter>]]></source> |
994 |
</filter> |
966 |
<p>Request values:</p> |
995 |
</source> |
967 |
<table class="defaultTable"> |
996 |
<p>Request values: |
|
|
997 |
<table border="1" cellpadding="5"> |
998 |
<tr> |
968 |
<tr> |
999 |
<th bgcolor="#023264"><font color="#ffffff">Property</font></th> |
969 |
<th>Property</th> |
1000 |
<th bgcolor="#023264"><font color="#ffffff">Value Before RemoteIpFilter</font></th> |
970 |
<th>Value Before RemoteIpFilter</th> |
1001 |
<th bgcolor="#023264"><font color="#ffffff">Value After RemoteIpFilter</font></th> |
971 |
<th>Value After RemoteIpFilter</th> |
1002 |
</tr> |
972 |
</tr> |
1003 |
<tr> |
973 |
<tr> |
1004 |
<td> request.remoteAddr </td> |
974 |
<td> request.remoteAddr </td> |
Lines 1036-1042
Link Here
|
1036 |
<td> 443 </td> |
1006 |
<td> 443 </td> |
1037 |
</tr> |
1007 |
</tr> |
1038 |
</table> |
1008 |
</table> |
1039 |
</p> |
1009 |
|
1040 |
<p> |
1010 |
<p> |
1041 |
Note : <code>x-forwarded-by</code> header is <code>null</code> because only |
1011 |
Note : <code>x-forwarded-by</code> header is <code>null</code> because only |
1042 |
internal proxies has been traversed by the request. |
1012 |
internal proxies has been traversed by the request. |
Lines 1048-1080
Link Here
|
1048 |
|
1018 |
|
1049 |
<subsection name="Advanced configuration with trusted proxies"> |
1019 |
<subsection name="Advanced configuration with trusted proxies"> |
1050 |
<p>RemoteIpFilter configuration: </p> |
1020 |
<p>RemoteIpFilter configuration: </p> |
1051 |
<source> |
1021 |
<source><![CDATA[ <filter> |
1052 |
<filter> |
1022 |
<filter-name>RemoteIpFilter</filter-name> |
1053 |
<filter-name>RemoteIpFilter</filter-name> |
1023 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
1054 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
1024 |
<init-param> |
1055 |
<init-param> |
1025 |
<param-name>allowedInternalProxies</param-name> |
1056 |
<param-name>allowedInternalProxies</param-name> |
1026 |
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value> |
1057 |
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value> |
1027 |
</init-param> |
1058 |
</init-param> |
1028 |
<init-param> |
1059 |
<init-param> |
1029 |
<param-name>remoteIpHeader</param-name> |
1060 |
<param-name>remoteIpHeader</param-name> |
1030 |
<param-value>x-forwarded-for</param-value> |
1061 |
<param-value>x-forwarded-for</param-value> |
1031 |
</init-param> |
1062 |
</init-param> |
1032 |
<init-param> |
1063 |
<init-param> |
1033 |
<param-name>remoteIpProxiesHeader</param-name> |
1064 |
<param-name>remoteIpProxiesHeader</param-name> |
1034 |
<param-value>x-forwarded-by</param-value> |
1065 |
<param-value>x-forwarded-by</param-value> |
1035 |
</init-param> |
1066 |
</init-param> |
1036 |
<init-param> |
1067 |
<init-param> |
1037 |
<param-name>trustedProxies</param-name> |
1068 |
<param-name>trustedProxies</param-name> |
1038 |
<param-value>proxy1|proxy2</param-value> |
1069 |
<param-value>proxy1|proxy2</param-value> |
1039 |
</init-param> |
1070 |
</init-param> |
1040 |
</filter>]]></source> |
1071 |
</filter> |
1041 |
<p>Request values:</p> |
1072 |
</source> |
1042 |
<table class="defaultTable"> |
1073 |
<p>Request values: <table border="1" cellpadding="5"> |
|
|
1074 |
<tr> |
1043 |
<tr> |
1075 |
<th bgcolor="#023264"><font color="#ffffff">Property</font></th> |
1044 |
<th>Property</th> |
1076 |
<th bgcolor="#023264"><font color="#ffffff">Value Before RemoteIpFilter</font></th> |
1045 |
<th>Value Before RemoteIpFilter</th> |
1077 |
<th bgcolor="#023264"><font color="#ffffff">Value After RemoteIpFilter</font></th> |
1046 |
<th>Value After RemoteIpFilter</th> |
1078 |
</tr> |
1047 |
</tr> |
1079 |
<tr> |
1048 |
<tr> |
1080 |
<td> request.remoteAddr </td> |
1049 |
<td> request.remoteAddr </td> |
Lines 1092-1098
Link Here
|
1092 |
<td> proxy1, proxy2 </td> |
1061 |
<td> proxy1, proxy2 </td> |
1093 |
</tr> |
1062 |
</tr> |
1094 |
</table> |
1063 |
</table> |
1095 |
</p> |
1064 |
|
1096 |
<p> |
1065 |
<p> |
1097 |
Note : <code>proxy1</code> and <code>proxy2</code> are both trusted proxies that |
1066 |
Note : <code>proxy1</code> and <code>proxy2</code> are both trusted proxies that |
1098 |
come in <code>x-forwarded-for</code> header, they both are migrated in |
1067 |
come in <code>x-forwarded-for</code> header, they both are migrated in |
Lines 1103-1135
Link Here
|
1103 |
|
1072 |
|
1104 |
<subsection name="Advanced configuration with internal and trusted proxies"> |
1073 |
<subsection name="Advanced configuration with internal and trusted proxies"> |
1105 |
<p>RemoteIpFilter configuration: </p> |
1074 |
<p>RemoteIpFilter configuration: </p> |
1106 |
<source> |
1075 |
<source><![CDATA[ <filter> |
1107 |
<filter> |
1076 |
<filter-name>RemoteIpFilter</filter-name> |
1108 |
<filter-name>RemoteIpFilter</filter-name> |
1077 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
1109 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
1078 |
<init-param> |
1110 |
<init-param> |
1079 |
<param-name>allowedInternalProxies</param-name> |
1111 |
<param-name>allowedInternalProxies</param-name> |
1080 |
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value> |
1112 |
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value> |
1081 |
</init-param> |
1113 |
</init-param> |
1082 |
<init-param> |
1114 |
<init-param> |
1083 |
<param-name>remoteIpHeader</param-name> |
1115 |
<param-name>remoteIpHeader</param-name> |
1084 |
<param-value>x-forwarded-for</param-value> |
1116 |
<param-value>x-forwarded-for</param-value> |
1085 |
</init-param> |
1117 |
</init-param> |
1086 |
<init-param> |
1118 |
<init-param> |
1087 |
<param-name>remoteIpProxiesHeader</param-name> |
1119 |
<param-name>remoteIpProxiesHeader</param-name> |
1088 |
<param-value>x-forwarded-by</param-value> |
1120 |
<param-value>x-forwarded-by</param-value> |
1089 |
</init-param> |
1121 |
</init-param> |
1090 |
<init-param> |
1122 |
<init-param> |
1091 |
<param-name>trustedProxies</param-name> |
1123 |
<param-name>trustedProxies</param-name> |
1092 |
<param-value>proxy1|proxy2</param-value> |
1124 |
<param-value>proxy1|proxy2</param-value> |
1093 |
</init-param> |
1125 |
</init-param> |
1094 |
</filter>]]></source> |
1126 |
</filter> |
1095 |
<p>Request values:</p> |
1127 |
</source> |
1096 |
<table class="defaultTable"> |
1128 |
<p>Request values: <table border="1" cellpadding="5"> |
|
|
1129 |
<tr> |
1097 |
<tr> |
1130 |
<th bgcolor="#023264"><font color="#ffffff">Property</font></th> |
1098 |
<th>Property</th> |
1131 |
<th bgcolor="#023264"><font color="#ffffff">Value Before RemoteIpFilter</font></th> |
1099 |
<th>Value Before RemoteIpFilter</th> |
1132 |
<th bgcolor="#023264"><font color="#ffffff">Value After RemoteIpFilter</font></th> |
1100 |
<th>Value After RemoteIpFilter</th> |
1133 |
</tr> |
1101 |
</tr> |
1134 |
<tr> |
1102 |
<tr> |
1135 |
<td> request.remoteAddr </td> |
1103 |
<td> request.remoteAddr </td> |
Lines 1147-1153
Link Here
|
1147 |
<td> proxy1, proxy2 </td> |
1115 |
<td> proxy1, proxy2 </td> |
1148 |
</tr> |
1116 |
</tr> |
1149 |
</table> |
1117 |
</table> |
1150 |
</p> |
1118 |
|
1151 |
<p> |
1119 |
<p> |
1152 |
Note : <code>proxy1</code> and <code>proxy2</code> are both trusted proxies that |
1120 |
Note : <code>proxy1</code> and <code>proxy2</code> are both trusted proxies that |
1153 |
come in <code>x-forwarded-for</code> header, they both are migrated in |
1121 |
come in <code>x-forwarded-for</code> header, they both are migrated in |
Lines 1161-1193
Link Here
|
1161 |
<subsection name="Advanced configuration with an untrusted proxy"> |
1129 |
<subsection name="Advanced configuration with an untrusted proxy"> |
1162 |
|
1130 |
|
1163 |
<p>RemoteIpFilter configuration: </p> |
1131 |
<p>RemoteIpFilter configuration: </p> |
1164 |
<source> |
1132 |
<source><![CDATA[ <filter> |
1165 |
<filter> |
1133 |
<filter-name>RemoteIpFilter</filter-name> |
1166 |
<filter-name>RemoteIpFilter</filter-name> |
1134 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
1167 |
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> |
1135 |
<init-param> |
1168 |
<init-param> |
1136 |
<param-name>allowedInternalProxies</param-name> |
1169 |
<param-name>allowedInternalProxies</param-name> |
1137 |
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value> |
1170 |
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value> |
1138 |
</init-param> |
1171 |
</init-param> |
1139 |
<init-param> |
1172 |
<init-param> |
1140 |
<param-name>remoteIpHeader</param-name> |
1173 |
<param-name>remoteIpHeader</param-name> |
1141 |
<param-value>x-forwarded-for</param-value> |
1174 |
<param-value>x-forwarded-for</param-value> |
1142 |
</init-param> |
1175 |
</init-param> |
1143 |
<init-param> |
1176 |
<init-param> |
1144 |
<param-name>remoteIpProxiesHeader</param-name> |
1177 |
<param-name>remoteIpProxiesHeader</param-name> |
1145 |
<param-value>x-forwarded-by</param-value> |
1178 |
<param-value>x-forwarded-by</param-value> |
1146 |
</init-param> |
1179 |
</init-param> |
1147 |
<init-param> |
1180 |
<init-param> |
1148 |
<param-name>trustedProxies</param-name> |
1181 |
<param-name>trustedProxies</param-name> |
1149 |
<param-value>proxy1|proxy2</param-value> |
1182 |
<param-value>proxy1|proxy2</param-value> |
1150 |
</init-param> |
1183 |
</init-param> |
1151 |
</filter>]]></source> |
1184 |
</filter> |
1152 |
<p>Request values:</p> |
1185 |
</source> |
1153 |
<table class="defaultTable"> |
1186 |
<p>Request values: <table border="1" cellpadding="5"> |
|
|
1187 |
<tr> |
1154 |
<tr> |
1188 |
<th bgcolor="#023264"><font color="#ffffff">Property</font></th> |
1155 |
<th>Property</th> |
1189 |
<th bgcolor="#023264"><font color="#ffffff">Value Before RemoteIpFilter</font></th> |
1156 |
<th>Value Before RemoteIpFilter</th> |
1190 |
<th bgcolor="#023264"><font color="#ffffff">Value After RemoteIpFilter</font></th> |
1157 |
<th>Value After RemoteIpFilter</th> |
1191 |
</tr> |
1158 |
</tr> |
1192 |
<tr> |
1159 |
<tr> |
1193 |
<td> request.remoteAddr </td> |
1160 |
<td> request.remoteAddr </td> |
Lines 1205-1211
Link Here
|
1205 |
<td> proxy1 </td> |
1172 |
<td> proxy1 </td> |
1206 |
</tr> |
1173 |
</tr> |
1207 |
</table> |
1174 |
</table> |
1208 |
</p> |
1175 |
|
1209 |
<p> |
1176 |
<p> |
1210 |
Note : <code>x-forwarded-by</code> holds the trusted proxy <code>proxy1</code>. |
1177 |
Note : <code>x-forwarded-by</code> holds the trusted proxy <code>proxy1</code>. |
1211 |
<code>x-forwarded-by</code> holds <code>140.211.11.130</code> because |
1178 |
<code>x-forwarded-by</code> holds <code>140.211.11.130</code> because |
Lines 1348-1370
Link Here
|
1348 |
Request Dumper filter for all requests for that web application. If the |
1315 |
Request Dumper filter for all requests for that web application. If the |
1349 |
entries were added to <code>CATALINA_BASE/conf/web.xml</code>, the Request |
1316 |
entries were added to <code>CATALINA_BASE/conf/web.xml</code>, the Request |
1350 |
Dumper Filter would be enabled for all web applications.</p> |
1317 |
Dumper Filter would be enabled for all web applications.</p> |
1351 |
<source> |
1318 |
<source><![CDATA[<filter> |
1352 |
<filter> |
1319 |
<filter-name>requestdumper</filter-name> |
1353 |
<filter-name>requestdumper</filter-name> |
1320 |
<filter-class> |
1354 |
<filter-class> |
|
|
1355 |
org.apache.catalina.filters.RequestDumperFilter |
1321 |
org.apache.catalina.filters.RequestDumperFilter |
1356 |
</filter-class> |
1322 |
</filter-class> |
1357 |
</filter> |
1323 |
</filter> |
1358 |
<filter-mapping> |
1324 |
<filter-mapping> |
1359 |
<filter-name>requestdumper</filter-name> |
1325 |
<filter-name>requestdumper</filter-name> |
1360 |
<url-pattern>*</url-pattern> |
1326 |
<url-pattern>*</url-pattern> |
1361 |
</filter-mapping> |
1327 |
</filter-mapping>]]></source> |
1362 |
</source> |
|
|
1363 |
|
1328 |
|
1364 |
<p>The following entries in CATALINA_BASE/conf/logging.properties would |
1329 |
<p>The following entries in CATALINA_BASE/conf/logging.properties would |
1365 |
create a separate log file for the Request Dumper Filter output.</p> |
1330 |
create a separate log file for the Request Dumper Filter output.</p> |
1366 |
<source> |
1331 |
<source># To this configuration below, 1request-dumper.org.apache.juli.FileHandler |
1367 |
# To this configuration below, 1request-dumper.org.apache.juli.FileHandler |
|
|
1368 |
# also needs to be added to the handlers property near the top of the file |
1332 |
# also needs to be added to the handlers property near the top of the file |
1369 |
1request-dumper.org.apache.juli.FileHandler.level = INFO |
1333 |
1request-dumper.org.apache.juli.FileHandler.level = INFO |
1370 |
1request-dumper.org.apache.juli.FileHandler.directory = ${catalina.base}/logs |
1334 |
1request-dumper.org.apache.juli.FileHandler.directory = ${catalina.base}/logs |
Lines 1372-1379
Link Here
|
1372 |
1request-dumper.org.apache.juli.FileHandler.formatter = org.apache.juli.VerbatimFormatter |
1336 |
1request-dumper.org.apache.juli.FileHandler.formatter = org.apache.juli.VerbatimFormatter |
1373 |
org.apache.catalina.filters.RequestDumperFilter.level = INFO |
1337 |
org.apache.catalina.filters.RequestDumperFilter.level = INFO |
1374 |
org.apache.catalina.filters.RequestDumperFilter.handlers = \ |
1338 |
org.apache.catalina.filters.RequestDumperFilter.handlers = \ |
1375 |
1request-dumper.org.apache.juli.FileHandler |
1339 |
1request-dumper.org.apache.juli.FileHandler</source> |
1376 |
</source> |
|
|
1377 |
</subsection> |
1340 |
</subsection> |
1378 |
</section> |
1341 |
</section> |
1379 |
|
1342 |
|