Question
Access to my server should be limited to some remote hosts, and I want to allow UptimeRobot to monitor my server.
Currently UptimeRobot always gets a 403 Forbidden.
The Server.xml I added looks like this:
<Server .........>
<Service name="Catalina">
<Engine>
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow=".*\.uptimerobot\.com" />
</Engine>
</Service>
</Server>
This is meant to match all hosts in this list: UptimeRobot Whitelist
But after restarting the server nothing changed, still 403.
I also tried to use a domain name without wildcards, like this:
allow="engine19\.uptimerobot\.com"
allow="engine19.uptimerobot.com"
But still 403.
I tried to enable hostname lookups by adding enableLookups="true" to the <Connector tag, but again no effect.
But in my logs I see that the access is resolved to "engine19.uptimerobot.com", which matches my RemoteHost pattern.
Any ideas why it is still forbidden?
EDIT:
Access via IP with
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="63\.143\.42\.244"/>
is working. But I don't want to add the whole list of IPs there.
Is it possible that RemoteAddrValve and RemoteHostValve are disturbing each other?
Answer 1:
I have tried this and it worked for me:
set useIPVHosts to true in the connector (inside server.xml).
I am using the HTTP connector and it looks as follows:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
enableLookups="true"
useIPVHosts="true" />
Details of attributes can be found here
Answer 2:
Check tomcat/logs/local_access_log... to see what host name was used for the 403.
I found that our company DNS reports some names in all uppercase and others in all lowercase. Use (?i) to have regex be case insensitive:
allow="(?i)engine19\.uptimerobot\.com"
If you have both RemoteHostValve and RemoteAddrValve, both must allow an incoming host. If either does not allow it, then a 403 will be returned.
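The checks discussed in the question and answers, as an added example that is not part of the original posts or of Tomcat's code: it models each valve as a full-match regex filter with deny checked before allow, and shows which combinations end in 403. Assumptions: Python's re stands in for java.util.regex, the function names are hypothetical, and the address/name pairing is constructed from values in the question.

```python
import re

def valve_allows(value, allow=None, deny=None):
    """Decision of one filter valve: a pattern counts only if it matches
    the ENTIRE value (full match); deny is evaluated before allow."""
    if deny is not None and re.fullmatch(deny, value):
        return False
    if allow is not None and re.fullmatch(allow, value):
        return True
    # Only a deny pattern configured: everything not denied passes.
    return deny is not None and allow is None

def status(addr, name, host_allow, addr_allow=None, lookups=True):
    """HTTP status after RemoteHostValve plus an optional RemoteAddrValve.
    With enableLookups="false" the host valve is handed the IP string."""
    remote_host = name if lookups else addr
    if not valve_allows(remote_host, allow=host_allow):
        return 403
    if addr_allow is not None and not valve_allows(addr, allow=addr_allow):
        return 403
    return 200

# Constructed sample client: the address/name pairing is illustrative.
ADDR, NAME = "63.143.42.244", "engine19.uptimerobot.com"
WILD = r".*\.uptimerobot\.com"

def run_cases():
    return {
        "lookups off, host pattern sees the IP": status(ADDR, NAME, WILD, lookups=False),
        "lookups on, lowercase name": status(ADDR, NAME, WILD),
        "resolver returns uppercase": status(ADDR, NAME.upper(), WILD),
        "uppercase with (?i)": status(ADDR, NAME.upper(), "(?i)" + WILD),
        "pattern without wildcard prefix": status(ADDR, NAME, r"uptimerobot\.com"),
        "addr valve allows another IP": status(ADDR, NAME, WILD, addr_allow=r"127\.0\.0\.1"),
        "both valves allow": status(ADDR, NAME, WILD, addr_allow=r"63\.143\.42\.244"),
    }

if __name__ == "__main__":
    for label, code in run_cases().items():
        print(f"{code}  {label}")
```

Feeding it the host name exactly as it appears in the access log reproduces the comparison suggested in Answer 2.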
Source: https://stackoverflow.com/questions/42577035/tomcat-8-remotehostvalve-not-working