Re: [tomcat] branch 7.0.x updated: Change the default bind address for AJP to the loopback address

Wed, 05 Feb 2020 05:35:14 -0800 

On 05/02/2020 13:03, Michael Osipov wrote:
> Am 2020-02-05 um 13:30 schrieb ma...@apache.org:
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> markt pushed a commit to branch 7.0.x
>> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>>
>>
>> The following commit(s) were added to refs/heads/7.0.x by this push:
>>       new 0d633e7  Change the default bind address for AJP to the
>> loopback address
>> 0d633e7 is described below
>>
>> commit 0d633e72ebc7b3c242d0081c23bba5e4dacd9b72
>> Author: Mark Thomas <ma...@apache.org>
>> AuthorDate: Tue Jan 21 13:02:13 2020 +0000
>>
>>      Change the default bind address for AJP to the loopback address

<snip/>

>>     +    public InetAddress getLoopbackAddress() {
>> +        // Javadoc for getByName() states that calling with null will
>> return one
>> +        // of the loopback addresses
>> +        InetAddress result = null;
>> +        try {
>> +            result = InetAddress.getByName(null);
>> +        } catch (UnknownHostException e) {
>> +            // This would be unusual but ignore it in this case.
>> +        }
>> +        if (result == null) {
>> +            // Fallback to default IPv4 loopback address.
>> +            // Not perfect but good enough and if the address is not
>> valid the
>> +            // bind will fail later with an appropriate error message
>> +            try {
>> +                result = InetAddress.getByName("127.0.0.1");
> 
> This is wrong. localhost is not always 127.0.0.1. I have hosts where lo1
> is cloned with 127.0.0/29 and not local IPs are passed into Jails.

The code was designed with that in mind.

As the comments state, it isn't perfect but it is a fall-back for a
state that should happen rarely / not at all.

It is preferrable to use "127.0.0.1" and have the Connector fail than
the other options which are:

- fail immediately as that would prevent the user specifying an
  alternative value for address; or

- have the Connector come up listening on all addresses.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to