Description

• EBSCO has announced changes regarding connection details for EBSCO services
• Due to these changes Voyager's configuration may need to be updated if RemoteAddrValve's are being used to restrict access to VXWS instead of or in addition to a network firewall.

Resolution

• This issue affects sites currently utilizing Tomcat's RemoteAddrValve to "allow" (i.e., not block/unblock) specific IP's.
• If traffic is managed by a network firewall, the firewall should be configured to allow traffic per the specifications provided by EBSCO and no further change is required.

• If RemoteAddrValves are being used to regulate traffic, Tomcat's server.xml file must be updated to use RemoteHostValve instead of RemoteAddrValve, and reverse lookups must be enabled.

To determine if updating server.xml to use RemoteHostValve is neccesary:

1. Log into the Voyager server as the voyager user.
2. Run the following command: grep RemoteAddrValve /m1/voyager/*/tomcat/conf/server.xml
3. Output will display all RemoteAddrValve tags for all db's. A typical tag will resemble:/m1/voyager/xxxdb/tomcat/conf/server.xml:                    <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/> -->
4. This issue is only a concern if a tag is uncommented (i.e. no comment tags: <!-- ... -->) AND the configuration for 'allow=' in any tag is configured to filter for an IP other than localhost i.e("127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" )
5. If all Valve tags are commented out or are configured to localhost, this issue does not affect Voyager. 

If still unsure whether or not you are affected by this issue, have limited access to the Voyager server, or are uncomfortable making the configuration changes outlined below, please open a case to Voyager support for assistance.

Replace RemoteAddrValve with RemoteHostValve and enable lookups:

1. In a text editor open /m1/voyager/xxxdb/tomcat/conf/server.xml
2. In the file locate each instance of "RemoteAddrValve".
3. Comment out each Valve tag containing "RemoteAddrValve". If each Valve tag containing "RemoteAddrValve" has already been commented out, no further action is required
4. If traffic must be filtered by Tomcat, add the following Valve tag using RemoteHostValve:

<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="<regular expression>"/>

5. Configure the allowed hostname by adding hostnames as a regular expression in the "allow" setting in the above tag e.g.

 allow="localhost|hostname1\.org|hostname2\.edu"

4.  Update the connector to allow lookups; locate the following stanza:

<Connector                                                            

            enableLookups="false"
            port="7013"
            protocol="AJP/1.3"
            proxyPort="0"
            maxThreads="256"
            scheme="http"
            secure="false"
            tcpNoDelay="true"
            URIEncoding="UTF-8"
        />

5. Change the configuration in this stanza for enableLookups= to "true"
6. Save server.xml
7. Restart Tomcat

• Article last edited: 18-July-2016