search

me0wster / javamelody

Automatically exported from code.google.com/p/javamelody
0 stars 0 forks source link

allowed-addr-pattern not working #177

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. I have added allowed-addr-pattern in my web.xml as:
<filter>
    <filter-name>monitoring</filter-name>
    <filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
    <init-param>
      <param-name>allowed-addr-pattern</param-name>
      <param-value>192\.168\..*|localhost|127\.0\..*|169\.258\.74\.216|10\.5\.14\.33</param-value>
      <!-- param-value>192\.168\..*</param-value -->
    </init-param>
  </filter>
2. I have tried listing multiple IPs and only one IP (tried each one).

What is the expected output? What do you see instead?
It should let me in. But, I always got 403 FORBIDDEN.

What version of the product are you using? On what application server, JDK, 
operating system?
I'm using latest version (1.33.0) of JavaMelody. Tomcat6, 64bit Java 6u29, 
Windows 2008.

Please provide any additional information below.
I'm trying to access it as: http://localhost:9008/myApp/monitoring , I have 2 
IPs (IPv4 and IPv6). I have tried with both and also with localhost and 
127.0.0.1 and it doesn't work. I always got 403 FORBIDDEN.

Original issue reported on code.google.com by tomicmi...@gmail.com on 26 Jan 2012 at 1:49

GoogleCodeExporter commented 9 years ago 
The code for that is here in the MonitoringFilter:
http://code.google.com/p/javamelody/source/browse/trunk/javamelody-core/src/main
/java/net/bull/javamelody/MonitoringFilter.java#375

Do you have something like Apache http server in front of your Tomcat server?
If yes, can you call the Tomcat server directly?
(I think that we can't rely on X-Forwarded-For to check this, for security 
reasons)

Original comment by evernat@free.fr on 26 Jan 2012 at 5:58

GoogleCodeExporter commented 9 years ago 
any news?

Original comment by evernat@free.fr on 12 Feb 2012 at 5:01

GoogleCodeExporter commented 9 years ago 
No news, so I suppose that there is a proxy like Apache http server and that 
this issue is a duplicate of issue 184 (or to be exact, the reverse of issue 
184).

Original comment by evernat@free.fr on 20 Feb 2012 at 10:15