Filter JBoss Access Logs By URL - jboss

I am using JBoss 6.4 EAP access logs to debug when an item hits the server.
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="my.host.name"/>
<access-log pattern="%t %a %A %b %h %m %p %q %U %r">
<directory path="."/>
</access-log>
</virtual-server>
</subsystem>
However, a monitoring tool constantly hits the server every couple of seconds to check it is up and so the access log is hard to read.
I can't turn off or change the monitoring and the code in the webserver is not mine so I can't change that either.
Is it possible to filter the access log so that it only logs when a specific url is hit?

Related

How to deploy 2 applications(same ear) to a single jboss on different ports. Is it even possible?

I use Jboss eap 6.4.
I'd like to have those ears deployed simultaneously but on different ports.
If I just put 2 ears into deployments I got: DuplicateServiceException: Service /app already registered.
To configure JBoss for App1.war on port 8080 and App2.war on port 8543, you should implement the following steps:
First of all, you have to add socket-binding for 8543 (as port 8080 is already defined).
<socket-binding name="http2" port="8543"/>
In web subsystem the following connectors should be declared:
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" />
<connector name="http2" protocol="HTTP/1.1" scheme="http" socket-binding="http2" />
Additionally, in web subsystem the following two virtual-servers should be declared:
<virtual-server name="host1" enable-welcome-root="false" default-web-module="App1.war">
<alias name="first.com"/>
</virtual-server>
<virtual-server name="host2" enable-welcome-root="false" default-web-module="App2.war">
<alias name="second.com"/>
</virtual-server>
Associate the appropriate virtual-server with the respective connector:
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http">
<virtual-server name="host1"/>
</connector>
<connector name="http2" protocol="HTTP/1.1" scheme="http" socket-binding="http2">
<virtual-server name="host2"/>
</connector>
The final step is to configure each application with the right jboss-web.xml in WEB-INF:
- For App1.war
<jboss-web>
<virtual-host>host1</virtual-host>
</jboss-web>
- For App2.war
<jboss-web>
<virtual-host>host2</virtual-host>
</jboss-web>
Now each application can be accessed by following the urls:
For App1.war - http://first.com:8080/App1/index.jsp
For App2.war - http://second.com:8543/App2/index.jsp
Please bear in mind that in /etc/hosts of the system, you must add the corresponding virtual-server alias names:
127.0.0.1 localhost.localdomain localhost first.com second.com

Setting up maximum of connections for web

In JBoss7 we've restricted number of web connections by using this
<connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" secure="true" max-connections="3000">
for urn:jboss:domain:web:1.0 subsystem which is replaced by urn:jboss:domain:undertow:1.2 in the wildfly. How to setup max-connections in wildfly?
I went through the documentation and didn't find matching attribute.
Thanks
Try add under filters definition
<filters>
<connection-limit name="limit-connections" max-concurrent-requests="3000" queue-size="100"/>
</filters>
and then under host or location add (depends on your need)
<filter-ref name="limit-connections"/>
See a configuration example and Model Reference
Also take a look in Configuring the Web server Pool: http://www.javacodegeeks.com/2014/01/entering-undertow-web-server.html
The above comment from Federico Sierra is correct. But in Wildfly 10.x the filter name 'connection-limit' doesn't exist anymore. Instead it is now called 'request-limit'.
So for Wildfly 10.x add filter reference in the untertow subsystem inside 'server' and 'host' context and the request-limit filter inside the 'filters' context:
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
[...]
<server name="default-server">
[...]
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
[...]
<filter-ref name="limit-connections"/>
</host>
</server>
[...]
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<request-limit name="limit-connections" max-concurrent-requests="3000" queue-size="100"/>
</filters>
</subsystem>
Reference: https://github.com/wildfly/wildfly/blob/master/undertow/src/test/resources/org/wildfly/extension/undertow/undertow-3.1.xml
If you want to limit the maximum number of concurrent connections for an HTTP/HTTPS/AJP Connector you have to set the attribute max-connections.
Example:
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-connections,value=300)
Source: How to set the maximum number of Web connections in WildFly
I would use the max-conncections attribute as defined in the documentation. Either for http and/or https connections. It is defined as
"The maximum number of concurrent connections. Only values greater
than 0 are allowed. For unlimited connections simply undefine this
attribute value."
I don't see the benefit of defining an extra filter. But maybe the others can shed some light on this... So similar to the other solutions it would look like this:
<subsystem xmlns="urn:jboss:domain:undertow:10.0">
[...]
<server name="default-server">
<http-listener name="default" socket-binding="http" max-connections="3000" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" max-connections="3000" security-realm="ApplicationRealm" enable-http2="true" />
[...]
</server>
[...]
</subsystem>
Update: I just realized that this is the standalone.xml solution to what Francesco is proposing...

JBoss AS 7.1 Server Level Redirect

We moved (or renamed) our webapplication from http://domain.tld/webapp/... to http://domain.tld/ourWebapp/...
Now we want to redirect old urls to the new one - Most redirect solutions are handled inside the application. This however won't work, because with the wrong war-name given, the webapp is not triggered at all.
Is there a way to add redirects on the - let's say - server level, instead of handling it from within the application? (We don't want to deploy a "redirect application" listening on the old war-name.)
I found this documentation: http://www.jboss.org/jbossweb/modules/rewrite.html but it seems outdated, as it still talkes about server.xml (there is none in JBOSS AS 7.1). All the mentioned elements aren't there either and not supported it seems...
After a lot of testing, I figured out, that this is possible INSIDE the standalone.xml, right in the virtual-server subsystem. However, there are still some Issues:
Whats working so far: The following entry leads to a forward as expected:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<rewrite pattern="^/webapp/(.*?)$" substitution="/myWebapp/$1" flags="R=301,L">
</rewrite>
</virtual-server>
</subsystem>
The (outdated) docu for doing rewrites with jboss (http://www.jboss.org/jbossweb/modules/rewrite.html) states, that there are several environmnet variables that can be used.
I noticed, that the ${HTTP_} Variables are working, but using anything else gives me a 'java.lang.IllegalArgumentException'.
What I tried (and need to achieve):
<rewrite pattern="^/webapp/(.*?)$" substitution="${SERVER_PROTOCOL}://${SERVER_ADDR}:${SERVER_PORT}/myWebapp/$1" flags="R=301,L">
So basically a redirect that works independent of protocol and/or hostname.
I tried it with a "relative" Redirect (substitution="/myWebapp/$1") - This worked, but does not keep the port (requests on http://ip:8080/webapp/ are forwarded to http://ip/myWebapp/)
Any ideas on this?
Finally got it:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<rewrite pattern="^/webapp/(.*?)$" substitution="/myWebapp/$1" flags="R=301,L">
</rewrite>
</virtual-server>
</subsystem>
is working as expected and keeping the port. (Dunno, why it did not work on the first try, maybe didnt restart the server properly, etc...)
There's some explanation & examples here as well, if you have access to the RedHat site:
https://access.redhat.com/site/solutions/189423
JBoss EAP6 provided Global Rewrite valve which can be enabled in the "web" subsystem of your configuration as following:
For redirecting all http requests coming for localhost:8080/MXBeanDemo should be redirected to "www.yahoo.com/"
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
<rewrite pattern="^/MXBeanDemo(.*)" substitution="http://www.yahoo.com" flags="R"/> <!-- NOTICE -->
</virtual-server>
</subsystem>
For redirecting localhost:8080/Abcd to localhost:8080/Wxyz
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
<rewrite pattern="^/Abcd(.*)" substitution="/Wxyz" flags="R"/> <!-- NOTICE -->
</virtual-server>
</subsystem>

Socket Buffer setting for JBoss 7

In JBoss 5.1, there used to be a setting called socketBuffer which we could configure in the server.xml inside jbossweb.sar i.e. jbossweb.sar\server.xml, it looked something like this.
<Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
connectionTimeout="20000" redirectPort="8443" socketBuffer="64000"/>
Does someone have any idea what the corresponding setting in JBoss 7 is?
I suspect that there is no such parameter. I don't find any information about it but how I see it:
connector is defined in standolne.xml file in that fragment:
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
there is XSD file which describe these part of configuration (it can be found in docs directory): jboss-as-web_1_1.xsd
there is no information about socketBuffer parameter
in other XSD files I also don't fine such parameter
and in jboss-cli I also don't see any such parameter (or similar)
Of course I can be wrong and just cannot find it.

CAS Jboss AS7 HTTPS redirect

How is it possible to configure Jasig's CAS to listen only on HTTPS port (8443)?
We have application divided into two parts, portal and SSO authority (JASIG CAS). Both are running on JBoss AS7 and different machines. Portal and SSO authority are configured to redirect from HTTP (8080) port to HTTPS (8443) port by
<subsystem xmlns="urn:jboss:domain:web:1.0" default-virtual-server="default-host">
<connector name="http" protocol="HTTP/1.1" socket-binding="http" scheme="http" redirect-port="8443"/>
<connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">
<ssl name="https" password="pass" certificate-key-file="/path_to_keystore.jks"/>
</connector>
<virtual-server name="default-host">
<alias name="myapp.domain.com"/>
</virtual-server>
</subsystem>
...
<socket-binding name="http" port="8080" fixed-port="true" interface="public"/>
<socket-binding name="https" port="8443" fixed-port="true" interface="public"/>
Port redirection works well on portal part, but CAS ignores the redirection and works at http (8080) as well (shows information about non-secured access).
For correct java web app SSL configuration is necessary to make some part of application secured in web.xml file. Then redirect works flawless.
<security-constraint>
<web-resource-collection>
<web-resource-name>sso secured pages</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>