Restrict access for tomcat application server from IP or hosts

To restrict access to a standalone Tomcat instance by IP address:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>
The above will restrict access to the surrounding Engine, Host, or Context element in TOMCAT_HOME/conf/server.xml. You may also specify a comma-separated list of IP addresses instead of a single address. If you want to deny access to one or more IP addresses, you would do something like this:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="127.0.0.1"/>
To restrict by host name:
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="yahoo.com"/>
You use the same allow or deny attributes and the RemoteHostValve class instead of RemoteAddrValve.
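
How allow and deny combine, as an added example rather than Tomcat's or this page's own code: it assumes the valve checks deny before allow and treats each comma-separated entry as a regular expression that must match the whole address or host name. The 192.168.1.* patterns and the IPv6 loopback probe are constructed and go beyond the addresses used above.

```python
import re

def _compile(spec):
    # The page describes a comma-separated list; each entry is treated here
    # as a regular expression (assumption about the valve's matching rule).
    return [re.compile(p.strip()) for p in (spec or "").split(",") if p.strip()]

def valve_allows(remote, allow=None, deny=None):
    """Return True if a request from `remote` would pass the valve."""
    allows, denies = _compile(allow), _compile(deny)
    if any(p.fullmatch(remote) for p in denies):
        return False                      # a deny match always wins
    if any(p.fullmatch(remote) for p in allows):
        return True
    # Only deny configured: everything else passes. Allow configured: reject.
    return bool(denies) and not allows

# Constructed probes: (label, remote, allow, deny)
CASES = [
    ("loopback allowed",       "127.0.0.1",       "127.0.0.1", None),
    ("other host rejected",    "10.0.0.5",        "127.0.0.1", None),
    ("IPv6 loopback rejected", "0:0:0:0:0:0:0:1", "127.0.0.1", None),
    ("deny-only blocks match", "127.0.0.1",       None, "127.0.0.1"),
    ("deny-only passes rest",  "10.0.0.5",        None, "127.0.0.1"),
    # '.' is a wildcard: the unescaped form also admits 192.168.1xx.*
    ("loose /24 pattern",      "192.168.100.20",  "192.168.1.*", None),
    ("escaped /24 pattern",    "192.168.100.20",  r"192\.168\.1\..*", None),
    # Same logic applied to host names (RemoteHostValve)
    ("host exact match",       "yahoo.com",       "yahoo.com", None),
    ("subdomain not covered",  "www.yahoo.com",   "yahoo.com", None),
]

def run_cases():
    return {label: valve_allows(remote, allow, deny)
            for label, remote, allow, deny in CASES}

if __name__ == "__main__":
    for label, ok in run_cases().items():
        print("%-24s %s" % (label, "ALLOW" if ok else "DENY"))
```

The IPv6 case matters when a local client connects over ::1: an allow list holding only 127.0.0.1 then rejects it.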

How to catch 500 error from error logs in apache

A. Enable CGI for your Apache. Add the following.

1) LoadModule cgid_module modules/mod_cgid.so

2)

<Directory "/appl/apache2/cgi-bin">
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

3)

ScriptAlias /cgi-bin/ "/appl/apache2/cgi-bin/"
AddHandler cgi-script .cgi
ErrorDocument 413 /cgi-bin/error.cgi

4) Restart Apache.

B. Set up the following Python script to catch this error, send an email to the admin and give a custom message to users.

/appl/apache/cgi-bin/error.cgi

chmod +x /appl/apache/cgi-bin/error.cgi

#!/usr/bin/env python3
import html
import json
import os
import subprocess

SENDMAIL = "/usr/sbin/sendmail"  # sendmail location

# print() appends the second newline that ends the CGI header block
print("Content-Type: text/html\n")

status = os.environ.get("REDIRECT_STATUS", "")
if status in ("413", "500"):
    # Build an HTML table of the CGI environment for the admin mail.
    # The values come from the request (headers, URL), so escape them.
    stats = "<table border=1><tr><td>Variable</td><td>Value</td></tr>"
    for name, value in os.environ.items():
        stats += "<tr><td>%s</td><td>%s</td></tr>" % (html.escape(name), html.escape(value))
    stats += "</table>"

    # sendmail -t reads the recipients from the message headers
    message = (
        "From: error-reporter@domain.com\n"
        "To: mail@domain.com\n"
        "Content-Type: text/html\n"
        "Subject: Error %s in accessing \n"
        "\n"  # blank line separating headers from body
        "%s"
    ) % (status, stats)
    subprocess.run([SENDMAIL, "-t"], input=message.encode("utf-8"), check=False)

    # print("<H3><center>Inconvenience Regretted.  Team has been notified of this issue</center></h3>")
    # Expire the application's MyLinks cookies in the browser
    cookieclearjs = """
<script language='JavaScript'>
var todate = new Date();
todate.setTime(todate.getTime() - 100000);
var domain_Name_del = window.location.hostname;
var cookieList = document.cookie.split(';');
for (var i = 0; i < cookieList.length; i++)
{
    var name = cookieList[i];
    if (name.indexOf("MyLinks") != -1)
    {
        document.cookie = '' + name + '=; path=//APPLICATION/PATH; domain=.' + domain_Name_del + '; expires=' + todate.toGMTString();
    }
}
</script>
"""
    print(cookieclearjs)
    # Send the browser back to the original URL. json.dumps produces a quoted
    # JavaScript string literal, so a quote in the URL cannot break out of it;
    # fall back to the site root if the variable is not set.
    target = json.dumps(os.environ.get("REDIRECT_SCRIPT_URI", "/")).replace("<", "\\u003c")
    print("<script language='JavaScript'>window.location=%s</script>" % target)
else:
    print("<H3><center>What you are looking for, is not here</center></h3>")
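
The report table in error.cgi mails every CGI variable to the administrator, HTTP_COOKIE included. A variant of that table builder which masks session material, caps long values and escapes the rest, as an added example that is not part of the original script; the names SENSITIVE, MAX_VALUE, base_name and build_report and the sample environment are assumptions.

```python
import html

# Assumed list of variables whose values should not be mailed in clear.
SENSITIVE = {"HTTP_COOKIE", "HTTP_AUTHORIZATION", "HTTP_PROXY_AUTHORIZATION"}
MAX_VALUE = 200  # assumed cap so one oversized header cannot bloat the mail

def base_name(name):
    # Apache prefixes variables of the original request with REDIRECT_
    # (the script reads REDIRECT_STATUS); strip it before comparing.
    while name.startswith("REDIRECT_"):
        name = name[len("REDIRECT_"):]
    return name

def build_report(environ):
    """Return the HTML table for the admin mail, masked and escaped."""
    rows = ["<table border=1><tr><td>Variable</td><td>Value</td></tr>"]
    for name in sorted(environ):
        value = environ[name]
        if base_name(name) in SENSITIVE:
            value = "[redacted, %d chars]" % len(value)
        elif len(value) > MAX_VALUE:
            value = value[:MAX_VALUE] + "...[truncated]"
        rows.append("<tr><td>%s</td><td>%s</td></tr>"
                    % (html.escape(name), html.escape(value)))
    rows.append("</table>")
    return "".join(rows)

# Constructed CGI environment for the demonstration, not captured traffic.
SAMPLE_ENV = {
    "REDIRECT_STATUS": "500",
    "HTTP_COOKIE": "MyLinks=abc123; JSESSIONID=0123456789",
    "REDIRECT_HTTP_COOKIE": "MyLinks=abc123",
    "HTTP_USER_AGENT": "Mozilla/5.0 <b>bold</b>",
    "QUERY_STRING": "q=" + "A" * 500,
}

if __name__ == "__main__":
    print(build_report(SAMPLE_ENV))
```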

Installing Apache 2.2.11 with Weblogic 10.3 on Ubuntu 9.04 64 bit

This post takes you through the steps to install Apache 2.2.11 on Ubuntu 9.04 64 bit and make it work with Weblogic 10.3. The post walks through the steps that I followed, the problems that I faced and the solutions ( er..hacks) to get them resolved.

Installing Apache

  • It is simple, do

sudo apt-get install apache2

If you want to build it from sources then follow these steps.

  • Once you have installed apache2, the files are placed at the following locations in Ubuntu

Apache config files are in /etc/apache
Apache log files are in /var/log/apache
Apache libs are in /usr/lib/apache
Other files can be in /usr/share/apache, /var/lib/apache
Executables (apache and apache2ctl) are in /usr/sbin

  • Now to start apache execute the following

vhazrati@vhazrati-laptop:/usr/sbin$ sudo apache2ctl start

  • Note that the server is started as root, else you might get the following error

(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

You should be able to access the default page on http://localhost now and see It Works!

Now, Integrating with Weblogic


  • Download the apache plugins for weblogic 10.3 from the following location

http://download.oracle.com/otn/bea/weblogic/server103/server103_apacheplugins.zip

  • Unzip the contents and select the mod_wl_22.so file from the location

<apache-plugin-unzip-location>linux/x86_64

  • This file needs to be copied to the following location

/usr/lib/apache2/modules

  • To test whether the file is valid or not, run ldd

vhazrati@vhazrati-laptop:/usr/lib/apache2/modules$ ldd mod_wl_22.so
linux-vdso.so.1 =>  (0x00007fff02ffe000)
libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x00007f5cfaaff000)
libm.so.6 => /lib/libm.so.6 (0x00007f5cfa87a000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f5cfa661000)
libc.so.6 => /lib/libc.so.6 (0x00007f5cfa2ef000)
/lib64/ld-linux-x86-64.so.2 (0x00007f5cfafc5000)

  • You might notice that some file, like libstdc++.so.5 in my case, was not found!

-bash-3.00$ ldd mod_wl_22.so
libstdc++.so.5 => not found
libm.so.6 => /lib64/tls/libm.so.6 (0x0000002a9572f000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x0000002a958b5000)
libc.so.6 => /lib64/tls/libc.so.6 (0x0000002a959c3000)
/lib64/ld-linux-x86-64.so.2 (0x000000552aaaa000)

  • Go to the Synaptic package manager, search for this file and install it.
  • Now create a weblogic.load file with the following contents

LoadModule weblogic_module /usr/lib/apache2/modules/mod_wl_22.so

  • and put it at the following location

/etc/apache2/mods-enabled

  • You can also create a weblogic.conf file with the following contents at the same location

<Location /medrec>
SetHandler weblogic-handler
WebLogicHost 127.0.1.1
WebLogicPort 7011
</Location>

This would help in redirecting a request like http://localhost/medrec to the weblogic server running on 127.0.1.1 and at 7011 port with the application name medrec.

  • Restart Apache

vhazrati@vhazrati-laptop:/usr/sbin$ sudo apache2ctl restart

  • Check whether the weblogic_module has been loaded successfully or not

vhazrati@vhazrati-laptop:/usr/sbin$ apache2 -t -D DUMP_MODULES
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
Loaded Modules:
core_module (static)
log_config_module (static)
logio_module (static)
mpm_worker_module (static)
http_module (static)
so_module (static)
alias_module (shared)
auth_basic_module (shared)
authn_file_module (shared)
authz_default_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgid_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
mime_module (shared)
negotiation_module (shared)
setenvif_module (shared)
status_module (shared)
weblogic_module (shared)

  • If you see the weblogic_module loaded fine then you have configured it correctly and can now access the application at

http://localhost/medrec/

  • To test whether the apache2.conf file is correct or not you can use

vhazrati@vhazrati-laptop:/usr/sbin$ apache2 -t
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
Syntax OK

Other Potential Problem(s)

  • You may encounter the problem bad user name ${APACHE_RUN_USER}

this is because the value of ${APACHE_RUN_USER} is not getting picked up. Ideally it should be picked up from /etc/apache2/envvars

which has the following entries

# envvars - default environment variables for apache2ctl

# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
export APACHE_PID_FILE=/var/run/apache2.pid

However, if in your case these values are still not picked up, then go to the /etc/apache2/apache2.conf file and make the following changes

# These need to be set in /etc/apache2/envvars
# User ${APACHE_RUN_USER}
# Group ${APACHE_RUN_GROUP}
User www-data
Group www-data

  • The weblogic.load file is not read for some reason and hence the weblogic_module is not loaded

Make an entry in the httpd.conf file at the following location

/etc/apache2/httpd.conf

and enter the LoadModule and other configuration data in this file

LoadModule weblogic_module /usr/lib/apache2/modules/mod_wl_22.so

<Location /medrec>
SetHandler weblogic-handler
WebLogicHost 127.0.1.1
WebLogicPort 7011
</Location>

There is an entry in the apache2.conf file to include the httpd.conf file, hence the changes of httpd.conf would get loaded

# Include all the user configurations:
Include /etc/apache2/httpd.conf

How to check the installed mod_jk version

There are 2 ways you can do that.

1. The better approach is

# strings /PATH/TO/APACHE/modules/mod_jk.so |grep -i mod_jk
mod_jk.so
mod_jk.c
mod_jk/1.2.18 <-- There you go.

2. If mod_jk is already installed and you have enabled the mod_jk log, you can check that log file, or you can request

http://Your_SERVER/ApplicationURL/SomeFOLDER/@#@#CS<>>$#$#$%

You will get an internal server error, and at the bottom of the error page you will see the mod_jk version along with the Apache version, e.g. Apache/2.0.59 (Unix) mod_jk/1.2.28