Re: [Tomcat Wiki] Update of "PoweredBy" by PierreJean

2014-02-09 Thread dahu

On 09/02/2014 10:06, Apache Wiki wrote:

The "PoweredBy" page has been changed by PierreJean:
https://wiki.apache.org/tomcat/PoweredBy?action=diff&rev1=471&rev2=472

Comment:
As discussed in the dev-mailing : Deep cleaning here - Step 1: Removing all 
404/TimeOut url + explicit subpage URL - Step 2 (On work): Check old url with 
domain squatter => Thx to not change list order

   


I will show you a generated screenshot thumbnail of each URL at the end of 
the coming week to let you see which are the 301/302 crappy URLs


When the final clean is done, let me know if you want me to put back the logo of 
the company on the list


Please, if you edit the page, do not change the order of each list; add 
your URLs at the end of a category, because I'm gonna compare it with the 
thumb list to do it super-quickly. So if you change the order... I will 
lose my time :(


PJ

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: Update of "PoweredBy"

2014-02-09 Thread Konstantin Kolinko
2014-02-09 13:29 GMT+04:00 dahu :
> On 09/02/2014 10:06, Apache Wiki wrote:
>
>> The "PoweredBy" page has been changed by PierreJean:
>> https://wiki.apache.org/tomcat/PoweredBy?action=diff&rev1=471&rev2=472
>>
>> Comment:
>> As discussed in the dev-mailing : Deep cleaning here - Step 1: Removing
>> all 404/TimeOut url + explicit subpage URL - Step 2 (On work): Check old url
>> with domain squatter => Thx to not change list order
>>
>>
>
>
> I will show you a generated screenshot thumbnail of each URL at the end of the
> coming week to let you see which are the 301/302 crappy URLs
>
> When the final clean is done, let me know if you want me to put back the logo of the
> company on the list
>
> Please, if you edit the page, do not change the order of each list; add your
> URLs at the end of a category, because I'm gonna compare it with the thumb list
> to do it super-quickly. So if you change the order... I will lose my time
> :(
>

1. Generally: OK,
I like the new look.
Let's keep it without images.

2. I think you are too quick at removal.
Can it be done one-by-one, with an explanation?

It'd be better to re-check the timeout'ed sites on a later date.

3. As I said,  301/302 responses are OK.
You need to follow those redirects.

It might be a  www.foo.x -> foo.x redirect,
or redirect to a home page (e.g. to a wiki home page),
or redirect  foo/dir -> foo/dir/

4. You removed section #4  (Surveys).
I think it should be added back.
That section is about software surveys that say how many % of
surveyed people are using Tomcat.

Best regards,
Konstantin Kolinko




svn commit: r1566311 - in /tomcat/jk/trunk: native/apache-2.0/mod_jk.c native/common/jk_global.h xdocs/generic_howto/proxy.xml xdocs/miscellaneous/changelog.xml xdocs/reference/apache.xml xdocs/webser

2014-02-09 Thread rjung
Author: rjung
Date: Sun Feb  9 16:40:28 2014
New Revision: 1566311

URL: http://svn.apache.org/r1566311
Log:
Introduce new JkOptions ForwardPhysicalAddress.
By default mod_jk will now forward the logical IP
address as provided e.g. by mod_remote_ip.
If JkOptions ForwardPhysicalAddress is set, it will
instead forward the physical IP address of the TCP peer.

Modified:
tomcat/jk/trunk/native/apache-2.0/mod_jk.c
tomcat/jk/trunk/native/common/jk_global.h
tomcat/jk/trunk/xdocs/generic_howto/proxy.xml
tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
tomcat/jk/trunk/xdocs/reference/apache.xml
tomcat/jk/trunk/xdocs/webserver_howto/apache.xml

Modified: tomcat/jk/trunk/native/apache-2.0/mod_jk.c
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/apache-2.0/mod_jk.c?rev=1566311&r1=1566310&r2=1566311&view=diff
==
--- tomcat/jk/trunk/native/apache-2.0/mod_jk.c (original)
+++ tomcat/jk/trunk/native/apache-2.0/mod_jk.c Sun Feb  9 16:40:28 2014
@@ -785,8 +785,13 @@ static int init_ws_service(apache_privat
 }
 else {
 #if (MODULE_MAGIC_NUMBER_MAJOR >= 2030)
-s->remote_addr = r->connection->client_ip;
-s->remote_port = apr_itoa(r->pool, r->connection->client_addr->port);
+if (conf->options & JK_OPT_FWDPHYSICAL) {
+s->remote_addr = r->connection->client_ip;
+s->remote_port = apr_itoa(r->pool, 
r->connection->client_addr->port);
+} else {
+s->remote_addr = r->useragent_ip;
+s->remote_port = apr_itoa(r->pool, r->useragent_addr->port);
+}
 #else
 s->remote_addr = r->connection->remote_ip;
 s->remote_port = apr_itoa(r->pool, r->connection->remote_addr->port);
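Review bot: The new `else` branch makes `r->useragent_ip` the default source of `s->remote_addr`, so every existing configuration starts forwarding the logical address without any change to its JkOptions. That address can come from a request header when a module such as mod_remoteip is active, so a backend that makes access decisions on the remote address is only as safe as the httpd-side list of proxies allowed to set it. I would state that requirement next to the option in the reference docs and the changelog entry, and consider keeping the physical address as the default with the logical one as the opt-in.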
@@ -1101,7 +1106,7 @@ static int init_ws_service(apache_privat
  */
 if (JK_IS_DEBUG_LEVEL(conf->log)) {
 jk_log(conf->log, JK_LOG_DEBUG,
-   "Service protocol=%s method=%s ssl=%s host=%s addr=%s name=%s 
port=%d auth=%s user=%s laddr=%s raddr=%s uri=%s",
+   "Service protocol=%s method=%s ssl=%s host=%s addr=%s name=%s 
port=%d auth=%s user=%s laddr=%s raddr=%s uaddr=%s uri=%s",
STRNULL_FOR_NULL(s->protocol),
STRNULL_FOR_NULL(s->method),
s->is_ssl ? "true" : "false",
@@ -1114,8 +1119,10 @@ static int init_ws_service(apache_privat
STRNULL_FOR_NULL(r->connection->local_ip),
 #if (MODULE_MAGIC_NUMBER_MAJOR >= 2030)
STRNULL_FOR_NULL(r->connection->client_ip),
+   STRNULL_FOR_NULL(r->useragent_ip),
 #else
STRNULL_FOR_NULL(r->connection->remote_ip),
+   STRNULL_FOR_NULL(r->connection->remote_ip),
 #endif
STRNULL_FOR_NULL(s->req_uri));
 }
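Review bot: In the `#else` branch the added argument repeats `r->connection->remote_ip`, so on older httpd `raddr=` and `uaddr=` always print the same value and the line reads like a copy-and-paste slip. A short comment there saying that this branch has no `useragent_ip` to log would make the intent clear. The `uaddr=%s` conversion added to the format string needs exactly one extra argument in each preprocessor branch, and that is worth a second look whenever this call is touched again.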
@@ -2206,6 +2213,11 @@ static const char *jk_set_options(cmd_pa
 }
 else if (!strcasecmp(w, "ForwardLocalAddress")) {
 opt = JK_OPT_FWDLOCAL;
+mask = JK_OPT_FWDADDRMASK;
+}
+else if (!strcasecmp(w, "ForwardPhysicalAddress")) {
+opt = JK_OPT_FWDPHYSICAL;
+mask = JK_OPT_FWDADDRMASK;
 }
 else if (!strcasecmp(w, "FlushPackets")) {
 opt = JK_OPT_FLUSHPACKETS;
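Review bot: `ForwardLocalAddress` and `ForwardPhysicalAddress` now both set `mask = JK_OPT_FWDADDRMASK`, so a JkOptions line that names both cannot have both in effect, and nothing in this hunk tells the administrator which one was kept. Either document the precedence next to the two options or return an error string from `jk_set_options` for that combination.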

Modified: tomcat/jk/trunk/native/common/jk_global.h
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_global.h?rev=1566311&r1=1566310&r2=1566311&view=diff
==
--- tomcat/jk/trunk/native/common/jk_global.h (original)
+++ tomcat/jk/trunk/native/common/jk_global.h Sun Feb  9 16:40:28 2014
@@ -251,6 +251,7 @@ extern "C"
  */
 
 #define JK_OPT_FWDURIMASK   0x0007
+#define JK_OPT_FWDADDRMASK  0x0810
 
 #define JK_OPT_FWDURICOMPAT 0x0001
 #define JK_OPT_FWDURICOMPATUNPARSED 0x0002
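Review bot: `JK_OPT_FWDADDRMASK` is written as the literal `0x0810`, which has to be kept in step by hand with `JK_OPT_FWDPHYSICAL` (`0x0800`, added further down) and the other address flag it covers. Defining the mask as the OR of the named flags, or at least adding a comment that lists them, would keep a later renumbering from silently breaking the mutual exclusion set up in `jk_set_options`.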
@@ -268,6 +269,9 @@ extern "C"
 #define JK_OPT_FWDCERTCHAIN 0x0100
 #define JK_OPT_FWDKEYSIZE   0x0200
 #define JK_OPT_REJECTUNSAFE 0x0400
+/* Forward physical tcp peer address instead of
+ * client address as provided e.g. by httpd mod_remoteip. */
+#define JK_OPT_FWDPHYSICAL  0x0800
 
 #define JK_OPT_DEFAULT  (JK_OPT_FWDURIDEFAULT | JK_OPT_FWDKEYSIZE)
 

Modified: tomcat/jk/trunk/xdocs/generic_howto/proxy.xml
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/generic_howto/proxy.xml?rev=1566311&r1=1566310&r2=1566311&view=diff
==
--- tomcat/jk/trunk/xdocs/generic_howto/proxy.xml (original)
+++ tomcat/jk/trunk/xdocs/generic_howto/proxy.xml Sun Feb  9 16:40:28 2014
@@ -188,10 +188,15 @@ For the details see the 

Modified: tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml?rev=1566311&r1=1566310&r2=1566311&view=diff
==
--- t

Re: Update of "PoweredBy"

2014-02-09 Thread dahu

On 09/02/2014 16:26, Konstantin Kolinko wrote:


> 1. Generally: OK,
> I like the new look.
> Let's keep it without images.

As you want. I keep a saved page of the old version so I do not have to 
switch between versions if you want the logo back, and can do it quickly.




> 2. I think you are too quick at removal.
> Can it be done one-by-one, with an explanation?


It's gonna be done like this:
- I build a tiny script that will get a thumbnail screenshot of all URLs 
including timeout URLs (no screenshot will be generated on this one if 
still out)
=> I have an account for a screenshot webservice, 300 URLs is nothing for 
me.


At the end, I'm gonna explain each case of removal decision, but I only 
remove when explicit:


The rules I follow:
- 404 = remove
- timeout = I understand you want to give them a chance. Let me know if you 
want it back

- in the same company product : 1 link to company = ok
=> 1 link to tomcat specified product = ok
=> link to "real estate denver" with url 
company.com/real-estate-denver.html = clearly spam optimisation = remove 
the link, not the company


So at the end: only 404, confirmed timeout, confirmed Domain Squatter, 
and optimized URL will go out




> It'd be better to re-check the timeout'ed sites on a later date.


If you want, I put back the timeout URLs and indicate them with a flag 
(TimeOut-fev14)




> 3. As I said,  301/302 responses are OK.
> You need to follow those redirects.
>
> It might be a  www.foo.x -> foo.x redirect,
> or redirect to a home page (e.g. to a wiki home page),
> or redirect  foo/dir -> foo/dir/

The screenshot thumbnails will give us the answer visually. I will generate a 
page with all thumbnails, so you will all see the result.
I think that 301/302 must be checked that way only to find Domain 
Squatters (somebody bought the URL and put Adult/Chinese/other things 
on it)




> 4. You removed section #4  (Surveys).
> I think it should be added back.
> That section is about software surveys that say how many % of
> surveyed people are using Tomcat.


?!!! I checked 2 times to find this section and didn't find it... But I 
did it this morning, and it's possible that I was not fully awake... 
(hard Saturday night :) )


I'll try to find a little time this Monday to generate the thumbnails

PJ
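The status rules discussed in this thread (404 removed, timeouts re-checked later, 301/302 followed and judged by where they land), written out as an added example that is not part of either message and not the script PJ describes. It works on recorded response chains rather than live requests, the host names are placeholders, and the spam-optimised subpage rule is not covered.

```python
from urllib.parse import urljoin, urlsplit

def _host(url):
    """Lower-cased host name with a leading 'www.' dropped."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def triage(listed_url, hops):
    """Apply the thread's rules to one recorded response chain.

    hops is a list of (status, location): status is an int, or None for a
    timeout; location is the Location header of a 301/302, else None.
    Returns (decision, reason); decision is keep, remove, recheck or review.
    """
    current = listed_url
    for status, location in hops:
        if status is None:
            return ("recheck", "timeout at " + current)
        if status == 404:
            return ("remove", "404 at " + current)
        if status in (301, 302):
            if not location:
                return ("review", "redirect without Location at " + current)
            current = urljoin(current, location)  # Location may be relative
            continue
        if status == 200:
            break
        return ("review", f"status {status} at {current}")
    else:
        return ("review", "chain ended without a final response")
    if _host(current) != _host(listed_url):
        # Redirect left the listed domain: a human checks for a squatter.
        return ("review", f"{_host(listed_url)} now lands on {_host(current)}")
    return ("keep", "final page is on the listed host: " + current)

# Constructed chains; every host name here is a placeholder.
SAMPLES = {
    "http://www.foo.example/": [(301, "http://foo.example/"), (200, None)],
    "http://foo.example/dir": [(302, "/dir/"), (200, None)],
    "http://gone.example/page.html": [(404, None)],
    "http://slow.example/": [(None, None)],
    "http://old.example/": [(301, "http://parked.example/landing"), (200, None)],
}

def run_samples():
    return {url: triage(url, hops)[0] for url, hops in SAMPLES.items()}

if __name__ == "__main__":
    for url, hops in SAMPLES.items():
        print(url, *triage(url, hops))
```

A squatted domain that answers 200 on the listed host still comes back as keep here, which is the case the screenshots are meant to catch.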





Re: [VOTE] Release Apache Tomcat 8.0.3

2014-02-09 Thread Jeanfrancois Arcand


On 2/7/2014, 1:16 PM, Mark Thomas wrote:

The proposed Apache Tomcat 8.0.3 release is now available for voting.

The main changes since 8.0.2 are:
- Fix DBCP build
- Update DBCP version to include recent fix for running under a
   security manager without needing to grant additional permissions
   to web applications

The main changes since 8.0.1 are:
- Fix CVE-2014-0050, a DoS related to multi-part processing
- Enable non-blocking reads to take place on non-container threads
- Update to the latest DBCP 2 snapshot
- Fix WebDAV support broken by resources refactoring

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.3/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1005/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_3/

The proposed 8.0.3 release is:
[ ] Broken - do not release
[ ] Alpha  - go ahead and release as 8.0.3 (alpha)
[ ] Beta   - go ahead and release as 8.0.3 (beta)
[X] Stable - go ahead and release as 8.0.3 (stable)


Focused on websocket/asyncContext testing.

-- Jeanfrancois






Mark




Re: [VOTE] Release Apache Tomcat 8.0.3

2014-02-09 Thread Mark Thomas
On 07/02/2014 18:16, Mark Thomas wrote:
> The proposed 8.0.3 release is:
> [ ] Broken - do not release
> [ ] Alpha  - go ahead and release as 8.0.3 (alpha)
> [X] Beta   - go ahead and release as 8.0.3 (beta)
> [ ] Stable - go ahead and release as 8.0.3 (stable)

Unit tests pass on Windows, Linux and OSX.
DBCP2 is still using a snapshot.

Mark





Re: [VOTE] Release Apache Tomcat 8.0.3

2014-02-09 Thread Ognjen Blagojevic

Mark,

On 9.2.2014 2:36, Ognjen Blagojevic wrote:

I also tried to test my production webapps, which also use DBCP2.
However I get a lot of AccessControlExceptions, which I resolved one by
one. Now I am stuck with a particularly stubborn FilePermission problem.
If I resolve that one, and the other following exceptions, I will report the
results of testing here.


I got one of my production webapps working (for the most part) with 
security manager in 8.0.1 and 8.0.3.


In 8.0.1, I needed to add the following configuration to catalina.policy 
(sensitive parts removed):


grant codeBase "file:${catalina.base}/webapps/(context)/-" {
    permission java.lang.RuntimePermission "modifyThread";
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.util.PropertyPermission "com.sun.faces.SerializationProvider", "read";

    permission java.lang.RuntimePermission "getClassLoader";
    permission java.util.PropertyPermission "com.sun.faces.InjectionProvider", "read";
    permission java.io.FilePermission "file:(...)\\WEB-INF\\lib\\(...)!\\META-INF\\-", "read";

    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler";

    permission java.lang.RuntimePermission "createClassLoader";
    permission java.util.PropertyPermission "openjpa.properties", "read";
    permission java.util.PropertyPermission "javax.persistence.properties", "read";
    permission java.util.PropertyPermission "openjpa.slice.properties", "read";
    permission java.util.PropertyPermission "javax.mail.Session.Factory", "read";

    permission java.net.SocketPermission "(mailserver)", "resolve";
    permission java.net.SocketPermission "(mailserver):(port)", "connect,resolve";

    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.dbcp.dbcp2";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.dbcp.pool2";

    permission java.net.SocketPermission "(dbserver)", "resolve";
    permission java.net.SocketPermission "(dbserver):(port)", "connect,resolve";
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.dbcp.pool2.impl";

    permission javax.management.MBeanServerPermission "createMBeanServer";
    permission javax.management.MBeanPermission "org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool#-[Catalina:class=javax.sql.DataSource,context=/(context),host=localhost,name=\"(jndiname)\",pool=connections,type=DataSource]", "registerMBean";
};


In 8.0.3, I was able to remove the following permissions from the above list:

// permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.dbcp.dbcp2";
// permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.dbcp.pool2";
// permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.dbcp.pool2.impl";
// permission javax.management.MBeanPermission "org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool#-[Catalina:class=javax.sql.DataSource,context=/(context),host=localhost,name=\"(jndiname)\",pool=connections,type=DataSource]", "registerMBean";

// permission javax.management.MBeanServerPermission "createMBeanServer";


HTH,
Ognjen
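Resolving AccessControlExceptions one by one, as described in the message above, can be done in one pass over the log; this is an added example, not Ognjen's tooling and not part of Tomcat. It assumes the Java 7+ `access denied ("class" "name" "actions")` message form; the review list and the sample log lines are constructed for the example.

```python
import re

# Java 7+ wording: access denied ("<class>" "<name>"[ "<actions>"])
DENIED = re.compile(r'access denied \("([^"]+)" "([^"]*)"(?: "([^"]*)")?\)')

# Assumption of this example: names a person should confirm before granting.
REVIEW_NAMES = {"createClassLoader", "accessDeclaredMembers", "setSecurityManager"}
# In the message above, 8.0.3 made the DBCP-internal package grants unnecessary.
CONTAINER_PREFIX = "accessClassInPackage.org.apache.tomcat.dbcp."

def policy_line(cls, name, actions):
    """Render one entry; backslashes are doubled, as policy syntax requires."""
    name = name.replace("\\", "\\\\")
    tail = f', "{actions}"' if actions else ""
    return f'permission {cls} "{name}"{tail};'

def grants_from_log(lines):
    """Return (grants, review, unparsed) for a list of log lines."""
    seen, grants, review, unparsed = set(), [], [], []
    for line in lines:
        if "access denied" not in line:
            continue
        match = DENIED.search(line)
        if not match:
            unparsed.append(line)  # e.g. a name that itself contains quotes
            continue
        key = match.groups()
        if key in seen:
            continue  # the same denial is usually logged many times
        seen.add(key)
        cls, name, actions = key
        entry = policy_line(cls, name, actions)
        if name in REVIEW_NAMES or name.startswith(CONTAINER_PREFIX):
            review.append(entry)
        else:
            grants.append(entry)
    return grants, review, unparsed

PREFIX = "java.security.AccessControlException: access denied "
# Constructed log lines, not taken from the thread.
SAMPLE_LOG = [
    PREFIX + '("java.lang.RuntimePermission" "accessClassInPackage.org.apache.tomcat.dbcp.dbcp2")',
    PREFIX + '("java.util.PropertyPermission" "openjpa.properties" "read")',
    PREFIX + '("java.lang.RuntimePermission" "accessClassInPackage.org.apache.tomcat.dbcp.dbcp2")',
    PREFIX + '("java.lang.RuntimePermission" "createClassLoader")',
    PREFIX + r'("java.io.FilePermission" "C:\app\WEB-INF\lib\x.jar" "read")',
    PREFIX + '("javax.management.MBeanPermission" "Pool#-[Catalina:name="jdbc/x"]" "registerMBean")',
    "INFO: Server startup in 1234 ms",
]

if __name__ == "__main__":
    for label, items in zip(("grant", "review", "unparsed"), grants_from_log(SAMPLE_LOG)):
        for item in items:
            print(label + ":", item)
```

Entries in the review list are candidates to question, either because they loosen the sandbox broadly or because a container upgrade may remove the need for them, rather than lines to paste into catalina.policy.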




Re: [VOTE] Release Apache Tomcat 8.0.3

2014-02-09 Thread Keiichi Fujino
2014-02-08 3:16 GMT+09:00 Mark Thomas :

> The proposed Apache Tomcat 8.0.3 release is now available for voting.
>
> The main changes since 8.0.2 are:
> - Fix DBCP build
> - Update DBCP version to include recent fix for running under a
>   security manager without needing to grant additional permissions
>   to web applications
>
> The main changes since 8.0.1 are:
> - Fix CVE-2014-0050, a DoS related to multi-part processing
> - Enable non-blocking reads to take place on non-container threads
> - Update to the latest DBCP 2 snapshot
> - Fix WebDAV support broken by resources refactoring
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.3/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1005/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_3/
>
> The proposed 8.0.3 release is:
> [ ] Broken - do not release
> [ ] Alpha  - go ahead and release as 8.0.3 (alpha)
> [X] Beta   - go ahead and release as 8.0.3 (beta)
> [ ] Stable - go ahead and release as 8.0.3 (stable)
>
>
+1
Tested on sample apps (enable DeltaManager ).
Works fine.



> Cheers,
>
> Mark
>
>
> --
> Keiichi.Fujino 


[Tomcat Wiki] Update of "PoweredBy" by PierreJean

2014-02-09 Thread Apache Wiki
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "PoweredBy" page has been changed by PierreJean:
https://wiki.apache.org/tomcat/PoweredBy?action=diff&rev1=472&rev2=473

Comment:
Step 1.1 : Back of "survey" category  - Step 2 (coming) : retest timeout URL 
and check 301/2302 - Do not edit the list order please

   1. [[http://www.webhostinguk.com|Webhostinguk.com]]: Web Hosting UK - Tomcat 
Hosting offers on reliable & fast servers at WebhostingUK Limited.
   1. [[http://www.zaidsoft.net|Zaidsoft.net]]: Zaidsoft offers JSP hosting 
using Tomcat. All of Zaidsoft web based software applications including 
Zaidsoft iMLM are powered by Tomcat as JSP/Servlet container.
  
+ <>
+ 
+ == 4. Surveys and Other Evidence of Usage ==
+ 
+ 
+  1. JBoss Infrastructure Survey:  
[[http://www.jboss.com/pdf/JBossAS-EnterpriseInfrastructure.pdf|A survey]] of 
infrastructure tools, adoption, mindshare, and more from JBoss finds Tomcat 
again among the leading products.
+ 
+  1. O'Reilly On Java: 
[[http://www.onjava.com/pub/a/onjava/2004/05/19/2004-survey.html|Over 86%]] of 
respondents in O'Reilly's On Java 2004 Survey.
+ 
+  1. TheServerSide.com: 
[[http://www.theserverside.com/tss?service=direct/0/NewsThread/threadViewer.markNoisy.link&sp=l28395&sp=l136428|Tomcat
 is among the market leaders]] in this survey by 
[[http://www.theserverside.com|TheServerSide.com]].
+ 
  <>
  
  == 5. More Stuff ==
