java:tomcat

Differences

This shows the differences between the two selected revisions of the page.

java:tomcat [2013/05/28 17:42]
kwon37xi
java:tomcat [2019/06/19 13:26] (current)
kwon37xi [Main Valves]
줄 7: 줄 7:
   * [[http://java.dzone.com/articles/forcing-tomcat-log-through|Forcing Tomcat to log through SLF4J/Logback]]   * [[http://java.dzone.com/articles/forcing-tomcat-log-through|Forcing Tomcat to log through SLF4J/Logback]]
   * [[http://bcho.tistory.com/720|Apache Tomcat Tuning]]   * [[http://bcho.tistory.com/720|Apache Tomcat Tuning]]
 +  * [[http://code.google.com/p/psi-probe/|PSI-Probe]] Tomcat manager를 대체할 수 있는 툴.
 +  * [[http://www.javacodegeeks.com/2012/11/standalone-web-application-with-executable-tomcat.html|Standalone web application with executable Tomcat]]
 +  * [[http://examples.javacodegeeks.com/enterprise-java/tomcat/tomcat-server-xml-configuration-example/|Tomcat server.xml Configuration Example]]
 +  * [[http://javarevisited.blogspot.kr/2013/07/how-to-configure-https-ssl-in-tomcat-6-7-web-server-java.html|How to Configure HTTPS (SSL) in Tomcat 6 and 7 Java Web Server]]
 +  * [[https://examples.javacodegeeks.com/enterprise-java/tomcat/apache-tomcat-connector-example/|Apache Tomcat Connector Example - mod_jk]]
 +  * [[https://examples.javacodegeeks.com/enterprise-java/tomcat/apache-tomcat-hardening-tutorial/|Apache Tomcat Hardening Tutorial | Examples Java Code Geeks - 2016]]
 +  * [[http://tomcat.apache.org/presentations.html|Apache Tomcat® - Presentations]]
  
 ===== 다중 도메인 Session ===== ===== 다중 도메인 Session =====
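Review bot: Style point on the link titles added in this hunk: the hardening-tutorial and presentations entries carry site boilerplate in their titles ('| Examples Java Code Geeks - 2016' and 'Apache Tomcat® -') that the other entries omit; trimming them to 'Apache Tomcat Hardening Tutorial' and 'Apache Tomcat Presentations' keeps the list consistent.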
줄 39: 줄 46:
 ===== Tomcat 6.0.10 이상부터 / \ 이상 동작 ===== ===== Tomcat 6.0.10 이상부터 / \ 이상 동작 =====
   * http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10 <code>   * http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10 <code>
- Important: Directory traversal CVE-2007-0450+Important: Directory traversal CVE-2007-0450
  
-Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used behind a proxy (including, but not limited to, Apache HTTP server with mod_proxy and mod_jk) configured to only proxy some contexts, a HTTP request containing strings like "/\../" may allow attackers to work around the context restriction of the proxy, and access the non-proxied contexts.+Tomcat permits '\', '%2F' and '%5C' as path delimiters. When Tomcat is used behind a proxy (including, but not limited to, Apache HTTP server with mod_proxy and mod_jk) 
 + configured to only proxy some contexts, a HTTP request containing strings like "/\../" may allow attackers to work around the context restriction of the proxy, 
 + and access the non-proxied contexts.
  
 The following Java system properties have been added to Tomcat to provide additional control of the handling of path delimiters in URLs (both options default to false): The following Java system properties have been added to Tomcat to provide additional control of the handling of path delimiters in URLs (both options default to false):
줄 48: 줄 57:
     org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH: true|false     org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH: true|false
  
-Due to the impossibility to guarantee that all URLs are handled by Tomcat as they are in proxy servers, Tomcat should always be secured as if no proxy restricting context access was used. +Due to the impossibility to guarantee that all URLs are handled by Tomcat as they are in proxy servers, 
 +Tomcat should always be secured as if no proxy restricting context access was used. 
 </code> </code>
 +
 +
 +===== UTF-8 Charset/Encoding =====
 +  * [[http://www.baeldung.com/tomcat-utf-8|Making Tomcat UTF-8-Ready]]
 +
 +  * ''server.xml'' Connector에 ''URIEncodign="UTF-8"'' 지정
 +  * Spring 사용시 ''org.springframework.web.filter.CharacterEncodingFilter''로 필터 적용
 +===== Tomcat 7.0.54 ClassLoader memory leak =====
 +  * [[https://bz.apache.org/bugzilla/show_bug.cgi?id=57173|Bug 57173 – EOFException during annotation scanning]]
 +  * Tomcat 7.0.54 버전의 클래스로더가 일부 jar 를 로딩하는동안 Annotation 분석하다가 ''EOFException''과 Memory Leak 일 발생한다.<code>
 +SEVERE: Unable to process Jar entry [com/ctc/wstx/api/ReaderConfig.class] from Jar [jar:jndi:/localhost/ssms-gui/WEB-INF/lib/woodstox-core-asl-4.1.2.jar!/] for annotations
 +java.io.EOFException
 +</code>
 +  * 특히 MyBatis 3.4.0 버전에서 발생하였으며, Tomcat을 버전업하면 해결된다.
 +
 +===== RemoteIPValve =====
 +  * [[https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html|RemoteIpValve]] 프록시를 제거한 원본 요청 Remote IP 를 ''HttpServletRequest.remoteAddr''로 남겨주는 value
 +  * ''server.xml'' <code>
 +<Valve className="org.apache.catalina.valves.RemoteIpValve"
 +               remoteIpHeader="X-Forwarded-For"
 +               requestAttributesEnabled="true"
 +               internalProxies="127\.0\.0\.1"  />
 +</code>
 +  * nginx <code>
 +proxy_set_header X-Real-IP $remote_addr;
 +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +proxy_set_header X-Forwarded-Proto $scheme;
 +</code>
 +  * [[springframework:springboot|SpringBoot]] 사용시에는 다음 프라퍼티 설정이 있으면 ''RemoteIpValue''가 자동 활성화된다.<code>
 +server.tomcat.remote_ip_header=x-forwarded-for
 +</code>
 +  * [[springframework:springboot|SpringBoot]] 사용시에는 다음 프라퍼티 설정이 있어야 redirect 시에 protocol을 올바로 판단할 수 있다.<code>
 +server.tomcat.protocol_header=x-forwarded-proto
 +</code>
 +===== Realm =====
 +  * [[https://dzone.com/articles/how-to-implement-a-new-realm-in-tomcat|How to Implement a New Realm in Tomcat ]]
 +
 +===== Slf4j & Logback =====
 +  * [[https://github.com/tomcat-slf4j-logback/tomcat-slf4j-logback|Tomcat Slf4j Logback]]
  
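Review bot: The Connector attribute in the new UTF-8 section is misspelled: ''URIEncodign="UTF-8"'' should be ''URIEncoding="UTF-8"''; Tomcat does not fail on an unknown Connector attribute (it only logs a warning that no matching property was found), so as written the UTF-8 setting would silently not apply. Two further points in the RemoteIpValve section: the ''server.xml'' snippet sets ''remoteIpHeader'' but no ''protocolHeader="X-Forwarded-Proto"'', even though the nginx block beneath it forwards that header and the Spring Boot bullet says the protocol header is needed for redirects to pick the right scheme, so add it to the valve as well so that ''request.isSecure()'' and ''request.getScheme()'' reflect the original request. The explicit ''internalProxies="127\.0\.0\.1"'' is the right idea, since the valve only honours ''X-Forwarded-For'' when the request arrives from a listed address; if nginx runs on a separate host its address must be added to that regex, and leaving the attribute at its default would trust every private-range source. Also fix the typos 'value' for 'valve' in the RemoteIpValve description and ''RemoteIpValue'' for ''RemoteIpValve'' in the Spring Boot bullet.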
java/tomcat.1369730554.txt.gz · Last modified: 2013/05/28 17:42 by kwon37xi