You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2015/04/24 17:02:15 UTC

[Bug 57856] New: RemoteIpFilter does not replace Request within Response

https://bz.apache.org/bugzilla/show_bug.cgi?id=57856

            Bug ID: 57856
           Summary: RemoteIpFilter does not replace Request within
                    Response
           Product: Tomcat 8
           Version: trunk
          Hardware: PC
            Status: NEW
          Severity: major
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: james@lonelystorm.com

I've noticed an issue with the org.apache.catalina.connector.Response where the
toAbsolute method called during a relative redirect is generating the wrong
absolute uri.

If you enable the org.apache.catalina.filters.RemoteIpFilter to allow an
upstream proxy to control whether the server is available over HTTP/HTTPS by
setting an header such as "X-Forwarded-Proto", this state is not replicated
within the Response.

Therefore, when the uri is generated, the scheme is not replaced with the value
that is actually available within the Request so it will generate for HTTP
scheme only.

I believe the RemoteIpFilter should also implement a wrapper for the Response
on the sendRedirect method to correctly generate the URI.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 57856] RemoteIpFilter does not replace Request within Response

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=57856

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
I found a reasonably simple way to fix this. It isn't as clean as I would like
but it should work with any app server and didn't require a large duplication
of code or equivalent refactoring.

The fix has been applied to trunk (for 9.0.x), 8.0.x/trunk (for 8.0.22 onwards)
and 7.0.x (for 7.0.62 onwards).

Thanks for the report and enjoy the fix.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 57856] RemoteIpFilter does not replace Request within Response

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=57856

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Looking at the code, there will be a similar problem for ports.

There doesn't appear to be an easy/obvious way to fix this as the current
sendRedirect() implementation makes extensive use of Tomcat internals. I'm
currently looking at various options.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org