Subversion Repositories Integrator Subversion

<!DOCTYPE html SYSTEM "about:legacy-compat">

<html lang="en"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><link href="../images/docs-stylesheet.css" rel="stylesheet" type="text/css"><title>Apache Tomcat 9 Configuration Reference (9.0.112) - The Valve Component</title></head><body><div id="wrapper"><header><div id="header"><div><div><div class="logo noPrint"><a href="https://tomcat.apache.org/"><img alt="Tomcat Home" src="../images/tomcat.png"></a></div><div style="height: 1px;"></div><div class="asfLogo noPrint"><a href="https://www.apache.org/" target="_blank"><img src="../images/asf-logo.svg" alt="The Apache Software Foundation" style="width: 266px; height: 83px;"></a></div><h1>Apache Tomcat 9 Configuration Reference</h1><div class="versionInfo">

            Version 9.0.112,

            <time datetime="2025-11-06">Nov 6 2025</time></div><div style="height: 1px;"></div><div style="clear: left;"></div></div></div></div></header><div id="middle"><div><div id="mainLeft" class="noprint"><div><nav><div><h2>Links</h2><ul><li><a href="../index.html">Docs Home</a></li><li><a href="index.html">Config Ref. Home</a></li><li><a href="https://cwiki.apache.org/confluence/display/TOMCAT/FAQ">FAQ</a></li><li><a href="#comments_section">User Comments</a></li></ul></div><div><h2>Top Level Elements</h2><ul><li><a href="server.html">Server</a></li><li><a href="service.html">Service</a></li></ul></div><div><h2>Executors</h2><ul><li><a href="executor.html">Executor</a></li></ul></div><div><h2>Connectors</h2><ul><li><a href="http.html">HTTP/1.1</a></li><li><a href="http2.html">HTTP/2</a></li><li><a href="ajp.html">AJP</a></li></ul></div><div><h2>Containers</h2><ul><li><a href="context.html">Context</a></li><li><a href="engine.html">Engine</a></li><li><a href="host.html">Host</a></li><li><a href="cluster.html">Cluster</a></li></ul></div><div><h2>Nested Components</h2><ul><li><a href="cookie-processor.html">CookieProcessor</a></li><li><a href="credentialhandler.html">CredentialHandler</a></li><li><a href="globalresources.html">Global Resources</a></li><li><a href="jar-scanner.html">JarScanner</a></li><li><a href="jar-scan-filter.html">JarScanFilter</a></li><li><a href="listeners.html">Listeners</a></li><li><a href="loader.html">Loader</a></li><li><a href="manager.html">Manager</a></li><li><a href="realm.html">Realm</a></li><li><a href="resources.html">Resources</a></li><li><a href="sessionidgenerator.html">SessionIdGenerator</a></li><li><a href="valve.html">Valve</a></li></ul></div><div><h2>Cluster Elements</h2><ul><li><a href="cluster.html">Cluster</a></li><li><a href="cluster-manager.html">Manager</a></li><li><a href="cluster-channel.html">Channel</a></li><li><a href="cluster-membership.html">Channel/Membership</a></li><li><a href="cluster-sender.html">Channel/Sender</a></li><li><a href="cluster-receiver.html">Channel/Receiver</a></li><li><a href="cluster-interceptor.html">Channel/Interceptor</a></li><li><a href="cluster-valve.html">Valve</a></li><li><a href="cluster-deployer.html">Deployer</a></li><li><a href="cluster-listener.html">ClusterListener</a></li></ul></div><div><h2>web.xml</h2><ul><li><a href="filter.html">Filter</a></li></ul></div><div><h2>Other</h2><ul><li><a href="runtime-attributes.html">Runtime attributes</a></li><li><a href="systemprops.html">System properties</a></li><li><a href="jaspic.html">JASPIC</a></li></ul></div></nav></div></div><div id="mainRight"><div id="content"><h2>The Valve Component</h2><h3 id="Table_of_Contents">Table of Contents</h3><div class="text">

<ul><li><a href="#Introduction">Introduction</a></li><li><a href="#Access_Logging">Access Logging</a><ol><li><a href="#Access_Log_Valve">Access Log Valve</a><ol><li><a href="#Access_Log_Valve/Introduction">Introduction</a></li><li><a href="#Access_Log_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Extended_Access_Log_Valve">Extended Access Log Valve</a><ol><li><a href="#Extended_Access_Log_Valve/Introduction">Introduction</a></li><li><a href="#Extended_Access_Log_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#JSON_Access_Log_Valve">JSON Access Log Valve</a><ol><li><a href="#JSON_Access_Log_Valve/Introduction">Introduction</a></li><li><a href="#JSON_Access_Log_Valve/Attributes">Attributes</a></li></ol></li></ol></li><li><a href="#Access_Control">Access Control</a><ol><li><a href="#Remote_Address_Valve">Remote Address Valve</a><ol><li><a href="#Remote_Address_Valve/Introduction">Introduction</a></li><li><a href="#Remote_Address_Valve/Attributes">Attributes</a></li><li><a href="#Remote_Address_Valve/Example_localhost">Example 1</a></li><li><a href="#Remote_Address_Valve/Example_localhost_port">Example 2</a></li><li><a href="#Remote_Address_Valve/Example_port_auth">Example 3</a></li></ol></li><li><a href="#Remote_Host_Valve">Remote Host Valve</a><ol><li><a href="#Remote_Host_Valve/Introduction">Introduction</a></li><li><a href="#Remote_Host_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Remote_CIDR_Valve">Remote CIDR Valve</a><ol><li><a href="#Remote_CIDR_Valve/Introduction">Introduction</a></li><li><a href="#Remote_CIDR_Valve/Attributes">Attributes</a></li><li><a href="#Remote_CIDR_Valve/Example_localhost">Example 1</a></li><li><a href="#Remote_CIDR_Valve/Example_localhost_port">Example 2</a></li><li><a href="#Remote_CIDR_Valve/Example_port_auth">Example 3</a></li></ol></li></ol></li><li><a href="#Proxies_Support">Proxies Support</a><ol><li><a href="#Load_Balancer_Draining_Valve">Load Balancer Draining Valve</a><ol><li><a href="#Load_Balancer_Draining_Valve/Introduction">Introduction</a></li><li><a href="#Load_Balancer_Draining_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Remote_IP_Valve">Remote IP Valve</a><ol><li><a href="#Remote_IP_Valve/Introduction">Introduction</a></li><li><a href="#Remote_IP_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#SSL_Valve">SSL Valve</a><ol><li><a href="#SSL_Valve/Introduction">Introduction</a></li><li><a href="#SSL_Valve/Attributes">Attributes</a></li></ol></li></ol></li><li><a href="#Single_Sign_On_Valve">Single Sign On Valve</a><ol><li><a href="#Single_Sign_On_Valve/Introduction">Introduction</a></li><li><a href="#Single_Sign_On_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Authentication">Authentication</a><ol><li><a href="#Basic_Authenticator_Valve">Basic Authenticator Valve</a><ol><li><a href="#Basic_Authenticator_Valve/Introduction">Introduction</a></li><li><a href="#Basic_Authenticator_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Digest_Authenticator_Valve">Digest Authenticator Valve</a><ol><li><a href="#Digest_Authenticator_Valve/Introduction">Introduction</a></li><li><a href="#Digest_Authenticator_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Form_Authenticator_Valve">Form Authenticator Valve</a><ol><li><a href="#Form_Authenticator_Valve/Introduction">Introduction</a></li><li><a href="#Form_Authenticator_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#SSL_Authenticator_Valve">SSL Authenticator Valve</a><ol><li><a href="#SSL_Authenticator_Valve/Introduction">Introduction</a></li><li><a href="#SSL_Authenticator_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#SPNEGO_Valve">SPNEGO Valve</a><ol><li><a href="#SPNEGO_Valve/Introduction">Introduction</a></li><li><a href="#SPNEGO_Valve/Attributes">Attributes</a></li></ol></li></ol></li><li><a href="#Error_Report_Valve">Error Report Valve</a><ol><li><a href="#Error_Report_Valve/Introduction">Introduction</a></li><li><a href="#Error_Report_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Json_Error_Report_Valve">Json Error Report Valve</a><ol><li><a href="#Json_Error_Report_Valve/Introduction">Introduction</a></li><li><a href="#Json_Error_Report_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Proxy_Error_Report_Valve">Proxy Error Report Valve</a><ol><li><a href="#Proxy_Error_Report_Valve/Introduction">Introduction</a></li><li><a href="#Proxy_Error_Report_Valve/Attributes">Attributes</a></li><li><a href="#Configuration">Configuration</a></li></ol></li><li><a href="#Crawler_Session_Manager_Valve">Crawler Session Manager Valve</a><ol><li><a href="#Crawler_Session_Manager_Valve/Introduction">Introduction</a></li><li><a href="#Crawler_Session_Manager_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Stuck_Thread_Detection_Valve">Stuck Thread Detection Valve</a><ol><li><a href="#Stuck_Thread_Detection_Valve/Introduction">Introduction</a></li><li><a href="#Stuck_Thread_Detection_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Semaphore_Valve">Semaphore Valve</a><ol><li><a href="#Semaphore_Valve/Introduction">Introduction</a></li><li><a href="#Semaphore_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Health_Check_Valve">Health Check Valve</a><ol><li><a href="#Health_Check_Valve/Introduction">Introduction</a></li><li><a href="#Health_Check_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Persistent_Valve">Persistent Valve</a><ol><li><a href="#Persistent_Valve/Introduction">Introduction</a></li><li><a href="#Persistent_Valve/Attributes">Attributes</a></li></ol></li><li><a href="#Parameter_Limit_Valve">Parameter Limit Valve</a><ol><li><a href="#Parameter_Limit_Valve/Introduction">Introduction</a></li><li><a href="#Parameter_Limit_Valve/Attributes">Attributes</a></li></ol></li></ul>

</div><h3 id="Introduction">Introduction</h3><div class="text">

  <p>A <strong>Valve</strong> element represents a component that will be

  inserted into the request processing pipeline for the associated

  Catalina container (<a href="engine.html">Engine</a>,

  <a href="host.html">Host</a>, or <a href="context.html">Context</a>).

  Individual Valves have distinct processing capabilities, and are

  described individually below.</p>

    <p><em>The description below uses the variable name $CATALINA_BASE to refer the

    base directory against which most relative paths are resolved. If you have

    not configured Tomcat for multiple instances by setting a CATALINA_BASE

    directory, then $CATALINA_BASE will be set to the value of $CATALINA_HOME,

    the directory into which you have installed Tomcat.</em></p>

</div><h3 id="Access_Logging">Access Logging</h3><div class="text">

<p>Access logging is performed by valves that implement

<strong>org.apache.catalina.AccessLog</strong> interface.</p>

<div class="subsection"><h4 id="Access_Log_Valve">Access Log Valve</h4><div class="text">

  <div class="subsection"><h4 id="Access_Log_Valve/Introduction">Introduction</h4><div class="text">

    <p>The <strong>Access Log Valve</strong> creates log files in the

    same format as those created by standard web servers.  These logs

    can later be analyzed by standard log analysis tools to track page

    hit counts, user session activity, and so on.  This <code>Valve</code>

    uses self-contained logic to write its log files, which can be

    automatically rolled over at midnight each day.  (The essential

    requirement for access logging is to handle a large continuous

    stream of data with low overhead. This <code>Valve</code> does not

    use Apache Commons Logging, thus avoiding additional overhead and

    potentially complex configuration).</p>

    <p>This <code>Valve</code> may be associated with any Catalina container

    (<code>Context</code>, <code>Host</code>, or <code>Engine</code>), and

    will record ALL requests processed by that container.</p>

    <p>Some requests may be handled by Tomcat before they are passed to a

    container. These include redirects from /foo to /foo/ and the rejection of

    invalid requests. Where Tomcat can identify the <code>Context</code> that

    would have handled the request, the request/response will be logged in the

    <code>AccessLog</code>(s) associated <code>Context</code>, <code>Host</code>

    and <code>Engine</code>. Where Tomcat cannot identify the

    <code>Context</code> that would have handled the request, e.g. in cases

    where the URL is invalid, Tomcat will look first in the <code>Engine</code>,

    then the default <code>Host</code> for the <code>Engine</code> and finally

    the ROOT (or default) <code>Context</code> for the default <code>Host</code>

    for an <code>AccessLog</code> implementation. Tomcat will use the first

    <code>AccessLog</code> implementation found to log those requests that are

    rejected before they are passed to a container.</p>

    <p>The output file will be placed in the directory given by the

    <code>directory</code> attribute. The name of the file is composed

    by concatenation of the configured <code>prefix</code>, timestamp and

    <code>suffix</code>. The format of the timestamp in the file name can be

    set using the <code>fileDateFormat</code> attribute. This timestamp will

    be omitted if the file rotation is switched off by setting

    <code>rotatable</code> to <code>false</code>.</p>

    <p><strong>Warning:</strong> If multiple AccessLogValve instances

    are used, they should be configured to use different output files.</p>

    <p>If sendfile is used, the response bytes will be written asynchronously

    in a separate thread and the access log valve will not know how many bytes

    were actually written. In this case, the number of bytes that was passed to

    the sendfile thread for writing will be recorded in the access log valve.

    </p>

  </div></div>

  <div class="subsection"><h4 id="Access_Log_Valve/Attributes">Attributes</h4><div class="text">

    <p>The <strong>Access Log Valve</strong> supports the following

    configuration attributes:</p>

    <table class="defaultTable"><tr><th style="width: 15%;">

          Attribute

        </th><th style="width: 85%;">

          Description

        </th></tr><tr id="Access Log Valve_Attributes_buffered"><td><code class="attributeName">buffered</code></td><td>

        <p>Flag to determine if logging will be buffered.

           If set to <code>false</code>, then access logging will be written after each

           request. Default value: <code>true</code>

        </p>

      </td></tr><tr id="Access Log Valve_Attributes_className"><td><strong><code class="attributeName">className</code></strong></td><td>

        <p>Java class name of the implementation to use.  This MUST be set to

        <strong>org.apache.catalina.valves.AccessLogValve</strong> to use the

        default access log valve.</p>

      </td></tr><tr id="Access Log Valve_Attributes_condition"><td><code class="attributeName">condition</code></td><td>

        <p>The same as <code>conditionUnless</code>. This attribute is

           provided for backwards compatibility.

        </p>

      </td></tr><tr id="Access Log Valve_Attributes_conditionIf"><td><code class="attributeName">conditionIf</code></td><td>

        <p>Turns on conditional logging. If set, requests will be

           logged only if <code>ServletRequest.getAttribute()</code> is

           not null. For example, if this value is set to

           <code>important</code>, then a particular request will only be logged

           if <code>ServletRequest.getAttribute("important") != null</code>.

           The use of Filters is an easy way to set/unset the attribute

           in the ServletRequest on many different requests.

        </p>

      </td></tr><tr id="Access Log Valve_Attributes_conditionUnless"><td><code class="attributeName">conditionUnless</code></td><td>

        <p>Turns on conditional logging. If set, requests will be

           logged only if <code>ServletRequest.getAttribute()</code> is

           null. For example, if this value is set to

           <code>junk</code>, then a particular request will only be logged

           if <code>ServletRequest.getAttribute("junk") == null</code>.

           The use of Filters is an easy way to set/unset the attribute

           in the ServletRequest on many different requests.

        </p>

      </td></tr><tr id="Access Log Valve_Attributes_directory"><td><code class="attributeName">directory</code></td><td>

        <p>Absolute or relative pathname of a directory in which log files

        created by this valve will be placed.  If a relative path is

        specified, it is interpreted as relative to $CATALINA_BASE.  If

        no directory attribute is specified, the default value is "logs"

        (relative to $CATALINA_BASE).</p>

      </td></tr><tr id="Access Log Valve_Attributes_encoding"><td><code class="attributeName">encoding</code></td><td>

        <p>Character set used to write the log file. An empty string means

        to use the default character set. Default value: UTF-8.

        </p>

      </td></tr><tr id="Access Log Valve_Attributes_fileDateFormat"><td><code class="attributeName">fileDateFormat</code></td><td>

        <p>Allows a customized timestamp in the access log file name.

           The file is rotated whenever the formatted timestamp changes.

           The default value is <code>.yyyy-MM-dd</code>.

           If you wish to rotate every hour, then set this value

           to <code>.yyyy-MM-dd.HH</code>.

           The date format will always be localized

           using the locale <code>en_US</code>.

        </p>

      </td></tr><tr id="Access Log Valve_Attributes_ipv6Canonical"><td><code class="attributeName">ipv6Canonical</code></td><td>

        <p>Flag to determine if IPv6 addresses should be represented in canonical

           representation format as defined by RFC 5952. If set to <code>true</code>,

           then IPv6 addresses will be written in canonical format (e.g.

           <code>2001:db8::1:0:0:1</code>, <code>::1</code>), otherwise it will be

           represented in full form (e.g. <code>2001:db8:0:0:1:0:0:1</code>,

           <code>0:0:0:0:0:0:0:1</code>). Default value: <code>false</code>

        </p>

      </td></tr><tr id="Access Log Valve_Attributes_locale"><td><code class="attributeName">locale</code></td><td>

        <p>The locale used to format timestamps in the access log

           lines. Any timestamps configured using an

           explicit SimpleDateFormat pattern (<code>%{xxx}t</code>)

           are formatted in this locale. By default the

           default locale of the Java process is used. Switching the

           locale after the AccessLogValve is initialized is not supported.

           Any timestamps using the common log format

           (<code>CLF</code>) are always formatted in the locale

           <code>en_US</code>.

        </p>

      </td></tr><tr id="Access Log Valve_Attributes_maxDays"><td><code class="attributeName">maxDays</code></td><td>

        <p>The maximum number of days rotated access logs will be retained for

           before being deleted. If not specified, the default value of

           <code>-1</code> will be used which means never delete old files.</p>

      </td></tr><tr id="Access Log Valve_Attributes_maxLogMessageBufferSize"><td><code class="attributeName">maxLogMessageBufferSize</code></td><td>

        <p>Log message buffers are usually recycled and re-used. To prevent

           excessive memory usage, if a buffer grows beyond this size it will be

           discarded. The default is <code>256</code> characters. This should be

           set to larger than the typical access log message size.</p>

      </td></tr><tr id="Access Log Valve_Attributes_pattern"><td><code class="attributeName">pattern</code></td><td>

        <p>A formatting layout identifying the various information fields

        from the request and response to be logged, or the word

        <code>common</code> or <code>combined</code> to select a

        standard format.  See below for more information on configuring

        this attribute.</p>

      </td></tr><tr id="Access Log Valve_Attributes_prefix"><td><code class="attributeName">prefix</code></td><td>

        <p>The prefix added to the start of each log file's name.  If not

        specified, the default value is "access_log".</p>

      </td></tr><tr id="Access Log Valve_Attributes_renameOnRotate"><td><code class="attributeName">renameOnRotate</code></td><td>

        <p>By default for a rotatable log the active access log file name

           will contain the current timestamp in <code>fileDateFormat</code>.

           During rotation the file is closed and a new file with the next

           timestamp in the name is created and used. When setting

           <code>renameOnRotate</code> to <code>true</code>, the timestamp

           is no longer part of the active log file name. Only during rotation

           the file is closed and then renamed to include the timestamp.

           This is similar to the behavior of most log frameworks when

           doing time based rotation.

           Default value: <code>false</code>

        </p>

      </td></tr><tr id="Access Log Valve_Attributes_requestAttributesEnabled"><td><code class="attributeName">requestAttributesEnabled</code></td><td>

        <p>Set to <code>true</code> to check for the existence of request

        attributes (typically set by the RemoteIpValve and similar) that should

        be used to override the values returned by the request for remote

        address, remote host, server port and protocol. If the attributes are

        not set, or this attribute is set to <code>false</code> then the values

        from the request will be used. If not set, the default value of

        <code>false</code> will be used.</p>

      </td></tr><tr id="Access Log Valve_Attributes_resolveHosts"><td><code class="attributeName">resolveHosts</code></td><td>

        <p>This attribute is no longer supported. Use the connector

        attribute <code>enableLookups</code> instead.</p>

        <p>If you have <code>enableLookups</code> on the connector set to

        <code>true</code> and want to ignore it, use <b>%a</b> instead of

        <b>%h</b> in the value of <code>pattern</code>.</p>

      </td></tr><tr id="Access Log Valve_Attributes_rotatable"><td><code class="attributeName">rotatable</code></td><td>

        <p>Flag to determine if log rotation should occur.

           If set to <code>false</code>, then this file is never rotated and

           <code>fileDateFormat</code> is ignored.

           Default value: <code>true</code>

        </p>

      </td></tr><tr id="Access Log Valve_Attributes_suffix"><td><code class="attributeName">suffix</code></td><td>

        <p>The suffix added to the end of each log file's name.  If not

        specified, the default value is "" (a zero-length string),

        meaning that no suffix will be added.</p>

      </td></tr></table>

    <p>Values for the <code>pattern</code> attribute are made up of literal

    text strings, combined with pattern identifiers prefixed by the "%"

    character to cause replacement by the corresponding variable value from

    the current request and response.  The following pattern codes are

    supported:</p>

    <ul>

    <li><b><code>%a</code></b> - Remote IP address.

        See also <code>%{xxx}a</code> below.</li>

    <li><b><code>%A</code></b> - Local IP address</li>

    <li><b><code>%b</code></b> - Bytes sent, excluding HTTP headers, or '-' if zero</li>

    <li><b><code>%B</code></b> - Bytes sent, excluding HTTP headers</li>

    <li><b><code>%D</code></b> - Time taken to process the request in millis. Note: In

        httpd %D is microseconds. Behaviour will be aligned to httpd

        in Tomcat 10 onwards.</li>

    <li><b><code>%F</code></b> - Time taken to commit the response, in milliseconds</li>

    <li><b><code>%h</code></b> - Remote host name (or IP address if

        <code>enableLookups</code> for the connector is false)</li>

    <li><b><code>%H</code></b> - Request protocol</li>

    <li><b><code>%I</code></b> - Current request thread name (can compare later with stacktraces)</li>

    <li><b><code>%l</code></b> - Remote logical username from identd (always returns

        '-')</li>

    <li><b><code>%m</code></b> - Request method (GET, POST, etc.)</li>

    <li><b><code>%p</code></b> - Local port on which this request was received.

        See also <code>%{xxx}p</code> below.</li>

    <li><b><code>%q</code></b> - Query string (prepended with a '?' if it exists)</li>

    <li><b><code>%r</code></b> - First line of the request (method and request URI)</li>

    <li><b><code>%s</code></b> - HTTP status code of the response</li>

    <li><b><code>%S</code></b> - User session ID</li>

    <li><b><code>%t</code></b> - Date and time, in Common Log Format</li>

    <li><b><code>%T</code></b> - Time taken to process the request, in seconds. Note: This

        value has millisecond resolution whereas in httpd it has

        second resolution. Behaviour will be align to httpd

        in Tomcat 10 onwards.</li>

    <li><b><code>%u</code></b> - Remote user that was authenticated (if any), else '-' (escaped if required)</li>

    <li><b><code>%U</code></b> - Requested URL path</li>

    <li><b><code>%v</code></b> - Local server name</li>

    <li><b><code>%X</code></b> - Connection status when response is completed:

      <ul>

        <li><code>X</code> = Connection aborted before the response completed.</li>

        <li><code>+</code> = Connection may be kept alive after the response is sent.</li>

        <li><code>-</code> = Connection will be closed after the response is sent.</li>

      </ul>

    </li>

    </ul>

    <p>

    There is also support to write information incoming or outgoing

    headers, cookies, session or request attributes and special

    timestamp formats.

    It is modeled after the

    <a href="https://httpd.apache.org/">Apache HTTP Server</a> log configuration

    syntax. Each of them can be used multiple times with different <code>xxx</code> keys:

    </p>

    <ul>

    <li><b><code>%{xxx}a</code></b> write remote address (client) (<code>xxx==remote</code>) or

        connection peer address (<code>xxx=peer</code>)</li>

    <li><b><code>%{xxx}i</code></b> write value of incoming header with name <code>xxx</code> (escaped if required)</li>

    <li><b><code>%{xxx}o</code></b> write value of outgoing header with name <code>xxx</code> (escaped if required)</li>

    <li><b><code>%{xxx}c</code></b> write value of cookie(s) with name <code>xxx</code> (comma separated and escaped if required)</li>

    <li><b><code>%{xxx}r</code></b> write value of ServletRequest attribute with name <code>xxx</code> (escaped if required, value <code>??</code> if request is null)</li>

    <li><b><code>%{xxx}s</code></b> write value of HttpSession attribute with name <code>xxx</code> (escaped if required, value <code>??</code> if request is null)</li>

    <li><b><code>%{xxx}p</code></b> write local (server) port (<code>xxx==local</code>) or

        remote (client) port (<code>xxx=remote</code>)</li>

    <li><b><code>%{xxx}t</code></b> write timestamp at the end of the request formatted using the

        enhanced SimpleDateFormat pattern <code>xxx</code></li>

    </ul>

    <p>All formats supported by SimpleDateFormat are allowed in <code>%{xxx}t</code>.

    In addition the following extensions have been added:</p>

    <ul>

    <li><b><code>sec</code></b> - number of seconds since the epoch</li>

    <li><b><code>msec</code></b> - number of milliseconds since the epoch</li>

    <li><b><code>msec_frac</code></b> - millisecond fraction</li>

    </ul>

    <p>These formats cannot be mixed with SimpleDateFormat formats in the same format

    token.</p>

    <p>Furthermore one can define whether to log the timestamp for the request start

    time or the response finish time:</p>

    <ul>

    <li><b><code>begin</code></b> or prefix <b><code>begin:</code></b> chooses

    the request start time</li>

    <li><b><code>end</code></b> or prefix <b><code>end:</code></b> chooses

    the response finish time</li>

    </ul>

    <p>By adding multiple <code>%{xxx}t</code> tokens to the pattern, one can

    also log both timestamps.</p>

    <p>Escaping is applied as follows:</p>

    <ul>

    <li><code>"</code> is escaped as <code>\"</code></li>

    <li><code>\</code> is escaped as <code>\\</code></li>

    <li>Standard C escaping are used for <code>\f</code>, <code>\n</code>,

        <code>\r</code> and <code>\t</code></li>

    <li>Any other control characters or characters with code points above 127

        are encoded using the standard Java unicode escaping

        (<code>\uXXXX</code>)</li>

    </ul>

    <p>The shorthand pattern <code>pattern="common"</code>

    corresponds to the Common Log Format defined by

    <strong>'%h %l %u %t "%r" %s %b'</strong>.</p>

    <p>The shorthand pattern <code>pattern="combined"</code>

    appends the values of the <code>Referer</code> and <code>User-Agent</code>

    headers, each in double quotes, to the <code>common</code> pattern.</p>

    <p>Fields using unknown pattern identifiers will be logged as <code>???X???</code>

    where <code>X</code> is the unknown identifier. Fields with unknown pattern identifier

    plus <code>{xxx}</code> key will be logged as <code>???</code>.</p>

    <p>When Tomcat is operating behind a reverse proxy, the client information

    logged by the Access Log Valve may represent the reverse proxy, the browser

    or some combination of the two depending on the configuration of Tomcat and

    the reverse proxy. For Tomcat configuration options see

    <a href="#Proxies_Support">Proxies Support</a> and the

    <a href="../proxy-howto.html">Proxy How-To</a>. For reverse proxies that

    use mod_jk, see the <a href="https://tomcat.apache.org/connectors-doc/generic_howto/proxy.html">generic

    proxy</a> documentation. For other reverse proxies, consult their

    documentation.</p>

  </div></div>

</div></div>

<div class="subsection"><h4 id="Extended_Access_Log_Valve">Extended Access Log Valve</h4><div class="text">

  <div class="subsection"><h4 id="Extended_Access_Log_Valve/Introduction">Introduction</h4><div class="text">

    <p>The <strong>Extended Access Log Valve</strong> extends the

    <a href="#Access_Log_Valve">Access Log Valve</a> class, and so

    uses the same self-contained logging logic.  This means it

    implements many of the same file handling attributes.  The main

    difference to the standard <code>AccessLogValve</code> is that

    <code>ExtendedAccessLogValve</code> creates log files which

    conform to the Working Draft for the

    <a href="https://www.w3.org/TR/WD-logfile.html">Extended Log File Format</a>

    defined by the W3C.</p>

  </div></div>

  <div class="subsection"><h4 id="Extended_Access_Log_Valve/Attributes">Attributes</h4><div class="text">

    <p>The <strong>Extended Access Log Valve</strong> supports all

    configuration attributes of the standard

    <a href="#Access_Log_Valve">Access Log Valve.</a> Only the

    values used for <code>className</code> and <code>pattern</code> differ.</p>

    <table class="defaultTable"><tr><th style="width: 15%;">

          Attribute

        </th><th style="width: 85%;">

          Description

        </th></tr><tr id="Extended Access Log Valve_Attributes_className"><td><strong><code class="attributeName">className</code></strong></td><td>

        <p>Java class name of the implementation to use.  This MUST be set to

        <strong>org.apache.catalina.valves.ExtendedAccessLogValve</strong> to

        use the extended access log valve.</p>

      </td></tr><tr id="Extended Access Log Valve_Attributes_pattern"><td><code class="attributeName">pattern</code></td><td>

        <p>A formatting layout identifying the various information fields

        from the request and response to be logged.

        See below for more information on configuring this attribute.</p>

      </td></tr></table>

    <p>Values for the <code>pattern</code> attribute are made up of

    format tokens. Some of the tokens need an additional prefix. Possible

    prefixes are <code>c</code> for "client", <code>s</code> for "server",

    <code>cs</code> for "client to server", <code>sc</code> for

    "server to client" or <code>x</code> for "application specific".

    Furthermore some tokens are completed by an additional selector.

    See the <a href="https://www.w3.org/TR/WD-logfile.html">W3C specification</a>

    for more information about the format.</p>

    <p>The following format tokens are supported:</p>

    <ul>

    <li><b>bytes</b> - Bytes sent, excluding HTTP headers, or '-' if zero</li>

    <li><b>c-dns</b> - Remote host name (or IP address if

        <code>enableLookups</code> for the connector is false)</li>

    <li><b>c-ip</b> - Remote IP address</li>

    <li><b>cs-method</b> - Request method (GET, POST, etc.)</li>