I recently upgraded from Tomcat 8.0 to 8.5.
Since the upgrade, hosts from other subnets get a 400 response to requests, but on the same subnet the application runs without errors (!)
127.0.0.1 - - [06/Feb/2019:09:17:58 +0000] "GET /app/login.jsf HTTP/1.1" 200 5976
...
10.60.255.86 - - [06/Feb/2019:10:24:19 +0000] "GET /app/login.jsf HTTP/1.1" 400 -
...
fe80:0:0:0:e85f:958:813c:dee%12 - - [06/Feb/2019:10:25:53 +0000] "GET /app/login.jsf HTTP/1.1" 200 5975
...
(the IPv6 address is the local machine)
There are no RemoteIpValve settings in server.xml, there's no RemoteAddrValve in context.xml.
Where else should I be looking? Is this a default behaviour?
Best Answer
And a few minutes after posting the question, I worked it out for myself.
The hosts outside the subnet were using a different name to connect - specifically, that DNS name had an underscore character in it. Underscores are not allowed in DNS names. Tomcat 8 does not care. Tomcat 8.5 is more sensible.
It would have been nice if Tomcat had logged why it rejected the requests.