You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/12/09 10:48:43 UTC
svn commit: r1549524 - in /tomcat/trunk:
java/org/apache/catalina/filters/RemoteIpFilter.java
java/org/apache/catalina/valves/RemoteIpValve.java
webapps/docs/config/filter.xml webapps/docs/config/valve.xml
Author: markt
Date: Mon Dec 9 09:48:42 2013
New Revision: 1549524
URL: http://svn.apache.org/r1549524
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55820
Include the 172.16/12 range in the default value for internal proxies.
Modified:
tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
tomcat/trunk/webapps/docs/config/filter.xml
tomcat/trunk/webapps/docs/config/valve.xml
Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=1549524&r1=1549523&r2=1549524&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Mon Dec 9 09:48:42 2013
@@ -107,9 +107,12 @@ import org.apache.juli.logging.LogFactor
* <td>RemoteIPInternalProxy</td>
* <td>Regular expression (in the syntax supported by
* {@link java.util.regex.Pattern java.util.regex})</td>
- * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3} <br/>
- * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 has not been enabled by default because it is complex to
- * describe with regular expressions</td>
+ * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|
+ * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|
+ * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|
+ * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
+ * <br/>
+ * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed.</td>
* </tr>
* </tr>
* <tr>
@@ -695,7 +698,10 @@ public class RemoteIpFilter implements F
"10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
"192\\.168\\.\\d{1,3}\\.\\d{1,3}|" +
"169\\.254\\.\\d{1,3}\\.\\d{1,3}|" +
- "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
+ "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
/**
* @see #setProtocolHeader(String)
Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1549524&r1=1549523&r2=1549524&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Mon Dec 9 09:48:42 2013
@@ -88,9 +88,12 @@ import org.apache.juli.logging.LogFactor
* <td>RemoteIPInternalProxy</td>
* <td>Regular expression (in the syntax supported by
* {@link java.util.regex.Pattern java.util.regex})</td>
- * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}<br/>
- * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 has not been enabled by default because it is complex to
- * describe with regular expressions</td>
+ * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|
+ * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|
+ * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|
+ * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
+ * <br/>
+ * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed.</td>
* </tr>
* </tr>
* <tr>
@@ -406,7 +409,10 @@ public class RemoteIpValve extends Valve
"10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
"192\\.168\\.\\d{1,3}\\.\\d{1,3}|" +
"169\\.254\\.\\d{1,3}\\.\\d{1,3}|" +
- "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
+ "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+ "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
/**
* @see #setProtocolHeader(String)
Modified: tomcat/trunk/webapps/docs/config/filter.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1549524&r1=1549523&r2=1549524&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/filter.xml (original)
+++ tomcat/trunk/webapps/docs/config/filter.xml Mon Dec 9 09:48:42 2013
@@ -1202,7 +1202,7 @@ FINE: Request "/docs/config/manager.html
Internal proxies that appear in the <strong>remoteIpHeader</strong> will
be trusted and will not appear in the <strong>proxiesHeader</strong>
value. If not specified the default value of <code>
- 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}
+ 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
</code> will be used.</p>
</attribute>
Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1549524&r1=1549523&r2=1549524&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Mon Dec 9 09:48:42 2013
@@ -1296,7 +1296,7 @@
Internal proxies that appear in the <strong>remoteIpHeader</strong> will
be trusted and will not appear in the <strong>proxiesHeader</strong>
value. If not specified the default value of <code>
- 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}
+ 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
</code> will be used.</p>
</attribute>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1549524 - in /tomcat/trunk: java/org/apache/catalina/filters/RemoteIpFilter.java
java/org/apache/catalina/valves/RemoteIpValve.java webapps/docs/config/filter.xml
webapps/docs/config/valve.xml
Posted by Konstantin Kolinko <kn...@gmail.com>.
2013/12/9 <ma...@apache.org>:
> Author: markt
> Date: Mon Dec 9 09:48:42 2013
> New Revision: 1549524
>
> URL: http://svn.apache.org/r1549524
> Log:
> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55820
> Include the 172.16/12 range in the default value for internal proxies.
>
> Modified:
> tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
> tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
> tomcat/trunk/webapps/docs/config/filter.xml
> tomcat/trunk/webapps/docs/config/valve.xml
>
> Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=1549524&r1=1549523&r2=1549524&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java (original)
> +++ tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Mon Dec 9 09:48:42 2013
> @@ -107,9 +107,12 @@ import org.apache.juli.logging.LogFactor
> * <td>RemoteIPInternalProxy</td>
> * <td>Regular expression (in the syntax supported by
> * {@link java.util.regex.Pattern java.util.regex})</td>
> - * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3} <br/>
> - * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 has not been enabled by default because it is complex to
> - * describe with regular expressions</td>
> + * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|
> + * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|
> + * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|
> + * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
I think the "{1}" above is superfluous, as that is the default
cardinality. It may need a test, though.
> + * <br/>
> + * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed.</td>
> * </tr>
> * </tr>
> * <tr>
> @@ -695,7 +698,10 @@ public class RemoteIpFilter implements F
> "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
> "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" +
> "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" +
> - "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
> + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
> + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
> + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
> + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
>
> /**
> * @see #setProtocolHeader(String)
>
> Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1549524&r1=1549523&r2=1549524&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original)
> +++ tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Mon Dec 9 09:48:42 2013
> @@ -88,9 +88,12 @@ import org.apache.juli.logging.LogFactor
> * <td>RemoteIPInternalProxy</td>
> * <td>Regular expression (in the syntax supported by
> * {@link java.util.regex.Pattern java.util.regex})</td>
> - * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}<br/>
> - * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 has not been enabled by default because it is complex to
> - * describe with regular expressions</td>
> + * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|
> + * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|
> + * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|
> + * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
> + * <br/>
> + * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed.</td>
> * </tr>
> * </tr>
> * <tr>
> @@ -406,7 +409,10 @@ public class RemoteIpValve extends Valve
> "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
> "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" +
> "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" +
> - "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
> + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
> + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
> + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
> + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
>
> /**
> * @see #setProtocolHeader(String)
>
> Modified: tomcat/trunk/webapps/docs/config/filter.xml
> URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1549524&r1=1549523&r2=1549524&view=diff
> ==============================================================================
> --- tomcat/trunk/webapps/docs/config/filter.xml (original)
> +++ tomcat/trunk/webapps/docs/config/filter.xml Mon Dec 9 09:48:42 2013
> @@ -1202,7 +1202,7 @@ FINE: Request "/docs/config/manager.html
> Internal proxies that appear in the <strong>remoteIpHeader</strong> will
> be trusted and will not appear in the <strong>proxiesHeader</strong>
> value. If not specified the default value of <code>
> - 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}
> + 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
> </code> will be used.</p>
> </attribute>
>
>
> Modified: tomcat/trunk/webapps/docs/config/valve.xml
> URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1549524&r1=1549523&r2=1549524&view=diff
> ==============================================================================
> --- tomcat/trunk/webapps/docs/config/valve.xml (original)
> +++ tomcat/trunk/webapps/docs/config/valve.xml Mon Dec 9 09:48:42 2013
> @@ -1296,7 +1296,7 @@
> Internal proxies that appear in the <strong>remoteIpHeader</strong> will
> be trusted and will not appear in the <strong>proxiesHeader</strong>
> value. If not specified the default value of <code>
> - 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}
> + 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
> </code> will be used.</p>
> </attribute>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org