https://bz.apache.org/bugzilla/show_bug.cgi?id=58289
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
(In reply to Tim Hunt from comment #2)
> 1. As I say above, the wrong IP address is getting logged in the Tomcat
> access logs. Surely my application code should not affect what is logged
> there.
If you access a request object outside of the normal request lifecycle you have
the potential to cause all sorts of problems.
> 2. My application code is not quite as simple as:
>
> protected void doGet(HttpServletRequest request, HttpServletResponse
> response)
> throws ServletException, IOException {
>
> if (!isAllowed(request.getRemoteAddr())) {
> sendError(request, response, HttpServletResponse.SC_FORBIDDEN,
> "You are not authorised to access this URL.");
> }
>
> sendResponse(request, response);
> }
>
> but it is not fundamentally more complex than that. Also, there is no where
> in the code where we store request or response. They are just used as local
> variables in the various methods the generate the response, and when they go
> out of scope they are left for the garbage collector.
OK. That makes a Tomcat bug more likely.
> All errors are logged reliably. One of the oversimplifications I made in the
> code snipped above is the big try catch finally block the surrounds the
> whole of doGet and doPost. Because of trying to understand this bug, I have
> been grepping our logs for words like 'error' before and after the config
> change, and after the config change there were no null pointer exceptions.
That is consistent with this being a Tomcat bug.
> I will agree that it is very mysterious. Still, I wanted to get this bug
> report filed, because in all my Googling for possible explanations, I only
> found that one closed bug that offered any clues.
You did the right thing.
I have a couple of further questions:
1. How are you proxing requests from httpd to Tomcat? mod_jk, mod_proxy_http,
mod_proxy_ajp?
2. Which version of httpd (and mod_jk if you are using that)?
3. Which connector are you using on the Tomcate side? HTTP/AJP? BIO/NIO/APR?
Finally, if you are able to reduce this to a simple WAR that demonstrates the
issue (ideally wth a servelt / JSP as simple as the code above) then that would
really help us track this down. Without a test case the only option to figure
what is going on is code inspection.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
