You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/05/18 15:55:12 UTC
svn commit: r1680034 - in /tomcat/trunk:
java/org/apache/catalina/valves/RemoteIpValve.java
test/org/apache/catalina/valves/TestRemoteIpValve.java
Author: markt
Date: Mon May 18 13:55:12 2015
New Revision: 1680034
URL: http://svn.apache.org/r1680034
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57926
Restore the original X-Forwarded-By and X-Forwarded-For headers after processing along with the other original values.
Modified:
tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java
Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1680034&r1=1680033&r2=1680034&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Mon May 18 13:55:12 2015
@@ -31,6 +31,7 @@ import org.apache.catalina.connector.Req
import org.apache.catalina.connector.Response;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.util.http.MimeHeaders;
/**
* <p>
@@ -566,6 +567,8 @@ public class RemoteIpValve extends Valve
final String originalScheme = request.getScheme();
final boolean originalSecure = request.isSecure();
final int originalServerPort = request.getServerPort();
+ final String originalProxiesHeader = request.getHeader(proxiesHeader);
+ final String originalRemoteIpHeader = request.getHeader(remoteIpHeader);
if (internalProxies !=null &&
internalProxies.matcher(originalRemoteAddr).matches()) {
@@ -677,10 +680,23 @@ public class RemoteIpValve extends Valve
request.setSecure(originalSecure);
+ MimeHeaders headers = request.getCoyoteRequest().getMimeHeaders();
// use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0
request.getCoyoteRequest().scheme().setString(originalScheme);
request.setServerPort(originalServerPort);
+
+ if (originalProxiesHeader == null || originalProxiesHeader.length() == 0) {
+ headers.removeHeader(proxiesHeader);
+ } else {
+ headers.setValue(proxiesHeader).setString(originalProxiesHeader);
+ }
+
+ if (originalRemoteIpHeader == null || originalRemoteIpHeader.length() == 0) {
+ headers.removeHeader(remoteIpHeader);
+ } else {
+ headers.setValue(remoteIpHeader).setString(originalRemoteIpHeader);
+ }
}
}
Modified: tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java?rev=1680034&r1=1680033&r2=1680034&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java (original)
+++ tomcat/trunk/test/org/apache/catalina/valves/TestRemoteIpValve.java Mon May 18 13:55:12 2015
@@ -48,6 +48,8 @@ public class TestRemoteIpValve {
private String scheme;
private boolean secure;
private int serverPort;
+ private String forwardedFor;
+ private String forwardedBy;
public String getRemoteAddr() {
return remoteAddr;
@@ -69,6 +71,14 @@ public class TestRemoteIpValve {
return secure;
}
+ public String getForwardedFor() {
+ return forwardedFor;
+ }
+
+ public String getForwardedBy() {
+ return forwardedBy;
+ }
+
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
this.remoteHost = request.getRemoteHost();
@@ -76,6 +86,8 @@ public class TestRemoteIpValve {
this.scheme = request.getScheme();
this.secure = request.isSecure();
this.serverPort = request.getServerPort();
+ this.forwardedFor = request.getHeader("x-forwarded-for");
+ this.forwardedBy = request.getHeader("x-forwarded-by");
}
}
@@ -173,10 +185,10 @@ public class TestRemoteIpValve {
remoteIpValve.invoke(request, null);
// VERIFY
- String actualXForwardedFor = request.getHeader("x-forwarded-for");
+ String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
- String actualXForwardedBy = request.getHeader("x-forwarded-by");
+ String actualXForwardedBy = remoteAddrAndHostTrackerValve.getForwardedBy();
assertEquals("all proxies are trusted, they must appear in x-forwarded-by", "proxy1, proxy2", actualXForwardedBy);
String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
@@ -215,10 +227,10 @@ public class TestRemoteIpValve {
remoteIpValve.invoke(request, null);
// VERIFY
- String actualXForwardedFor = request.getHeader("x-forwarded-for");
+ String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
- String actualXForwardedBy = request.getHeader("x-forwarded-by");
+ String actualXForwardedBy = remoteAddrAndHostTrackerValve.getForwardedBy();
assertEquals("all proxies are trusted, they must appear in x-forwarded-by", "proxy1, proxy2", actualXForwardedBy);
String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
@@ -256,7 +268,7 @@ public class TestRemoteIpValve {
remoteIpValve.invoke(request, null);
// VERIFY
- String actualXForwardedFor = request.getHeader("x-forwarded-for");
+ String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
assertNull("all proxies are internal, x-forwarded-for must be null", actualXForwardedFor);
String actualXForwardedBy = request.getHeader("x-forwarded-by");
@@ -299,10 +311,10 @@ public class TestRemoteIpValve {
remoteIpValve.invoke(request, null);
// VERIFY
- String actualXForwardedFor = request.getHeader("x-forwarded-for");
+ String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
- String actualXForwardedBy = request.getHeader("x-forwarded-by");
+ String actualXForwardedBy = remoteAddrAndHostTrackerValve.getForwardedBy();
assertEquals("all proxies are trusted, they must appear in x-forwarded-by", "proxy1, proxy2", actualXForwardedBy);
String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
@@ -340,7 +352,7 @@ public class TestRemoteIpValve {
remoteIpValve.invoke(request, null);
// VERIFY
- String actualXForwardedFor = request.getHeader("x-forwarded-for");
+ String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
@@ -372,7 +384,7 @@ public class TestRemoteIpValve {
remoteIpValve.invoke(request, null);
// VERIFY
- actualXForwardedFor = request.getHeader("x-forwarded-for");
+ actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
assertNull("all proxies are trusted, x-forwarded-for must be null", actualXForwardedFor);
actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
@@ -424,7 +436,7 @@ public class TestRemoteIpValve {
// VERIFY
// client ip
- String actualXForwardedFor = request.getHeader("x-forwarded-for");
+ String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor);
String actualXForwardedBy = request.getHeader("x-forwarded-by");
@@ -489,7 +501,7 @@ public class TestRemoteIpValve {
// VERIFY
// client ip
- String actualXForwardedFor = request.getHeader("x-forwarded-for");
+ String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor);
String actualXForwardedBy = request.getHeader("x-forwarded-by");
@@ -554,10 +566,10 @@ public class TestRemoteIpValve {
// VERIFY
// client ip
- String actualXForwardedFor = request.getHeader("x-forwarded-for");
+ String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor);
- String actualXForwardedBy = request.getHeader("x-forwarded-by");
+ String actualXForwardedBy = remoteAddrAndHostTrackerValve.getForwardedBy();
assertNull("no intermediate trusted proxy", actualXForwardedBy);
String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
@@ -619,7 +631,7 @@ public class TestRemoteIpValve {
// VERIFY
// client ip
- String actualXForwardedFor = request.getHeader("x-forwarded-for");
+ String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
assertNull("no intermediate non-trusted proxy, x-forwarded-for must be null", actualXForwardedFor);
String actualXForwardedBy = request.getHeader("x-forwarded-by");
@@ -719,10 +731,10 @@ public class TestRemoteIpValve {
remoteIpValve.invoke(request, null);
// VERIFY
- String actualXForwardedFor = request.getHeader("x-forwarded-for");
+ String actualXForwardedFor = remoteAddrAndHostTrackerValve.getForwardedFor();
assertEquals("ip/host before untrusted-proxy must appear in x-forwarded-for", "140.211.11.130, proxy1", actualXForwardedFor);
- String actualXForwardedBy = request.getHeader("x-forwarded-by");
+ String actualXForwardedBy = remoteAddrAndHostTrackerValve.getForwardedBy();
assertEquals("ip/host after untrusted-proxy must appear in x-forwarded-by", "proxy2", actualXForwardedBy);
String actualRemoteAddr = remoteAddrAndHostTrackerValve.getRemoteAddr();
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org