Posted to commits@wicket.apache.org by pa...@apache.org on 2021/03/05 12:30:31 UTC

[wicket] branch master updated: Do not try to resolve X-Forwarded-For header

This is an automated email from the ASF dual-hosted git repository.

papegaaij pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/wicket.git


The following commit(s) were added to refs/heads/master by this push:
     new 84f62a5  Do not try to resolve X-Forwarded-For header
84f62a5 is described below

commit 84f62a5cff462eaa3bfaf171b0638c7e7feea30d
Author: Emond Papegaaij <em...@topicus.nl>
AuthorDate: Fri Mar 5 13:28:15 2021 +0100

    Do not try to resolve X-Forwarded-For header
    
    The remote address is reported by HttpServletRequest. Configuration of
    this property is normally done via the application server. If this is
    somehow not possible, use XForwardedRequestWrapperFactory.
---
 .../protocol/http/request/WebClientInfo.java       | 40 +++-------------------
 1 file changed, 4 insertions(+), 36 deletions(-)

diff --git a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
index b5d0544..d8e552c 100644
--- a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
+++ b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
@@ -140,48 +140,16 @@ public class WebClientInfo extends ClientInfo
 	}
 
 	/**
-	 * When using ProxyPass, requestCycle().getHttpServletRequest(). getRemoteAddr() returns the IP
-	 * of the machine forwarding the request. In order to maintain the clients ip address, the
-	 * server places it in the <a
-	 * href="http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers">X-Forwarded-For</a>
-	 * Header.
-	 *
-	 * Proxies may also mask the original client IP with tokens like "hidden" or "unknown".
-	 * If so, the last proxy ip address is returned.
+	 * Returns the IP address from {@code HttpServletRequest.getRemoteAddr()}.
 	 *
 	 * @param requestCycle
 	 *            the request cycle
-	 * @return remoteAddr IP address of the client, using the X-Forwarded-For header and defaulting
-	 *         to: getHttpServletRequest().getRemoteAddr()
+	 * @return remoteAddr IP address of the client, using
+	 *         {@code getHttpServletRequest().getRemoteAddr()}
 	 */
 	protected String getRemoteAddr(RequestCycle requestCycle)
 	{
 		ServletWebRequest request = (ServletWebRequest)requestCycle.getRequest();
-		HttpServletRequest req = request.getContainerRequest();
-		String remoteAddr = request.getHeader("X-Forwarded-For");
-
-		if (remoteAddr != null)
-		{
-			if (remoteAddr.contains(","))
-			{
-				// sometimes the header is of form client ip,proxy 1 ip,proxy 2 ip,...,proxy n ip,
-				// we just want the client
-				remoteAddr = Strings.split(remoteAddr, ',')[0].trim();
-			}
-			try
-			{
-				// If ip4/6 address string handed over, simply does pattern validation.
-				InetAddress.getByName(remoteAddr);
-			}
-			catch (UnknownHostException e)
-			{
-				remoteAddr = req.getRemoteAddr();
-			}
-		}
-		else
-		{
-			remoteAddr = req.getRemoteAddr();
-		}
-		return remoteAddr;
+		return request.getContainerRequest().getRemoteAddr();
 	}
 }
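
Review bot: The new Javadoc on getRemoteAddr still describes the return value as "IP address of the client", but with the X-Forwarded-For handling removed the method returns whatever the container reports, which in a ProxyPass setup is the forwarding machine's address, as the deleted comment explained. The commit message names the remedy (configure the application server, or use XForwardedRequestWrapperFactory), and the Javadoc should say the same, so that applications using this value for logging or access decisions find the behaviour change where they will look for it. Suggest adding a sentence such as "Behind a reverse proxy this is the proxy's address unless the container or XForwardedRequestWrapperFactory is configured to resolve forwarded headers."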


Re: [wicket] branch master updated: Do not try to resolve X-Forwarded-For header

Posted by Maxim Solodovnik <so...@gmail.com>.
LGTM :))

On Fri, 5 Mar 2021 at 19:30, <pa...@apache.org> wrote:

> This is an automated email from the ASF dual-hosted git repository.
>
> papegaaij pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/wicket.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
>      new 84f62a5  Do not try to resolve X-Forwarded-For header
> 84f62a5 is described below
>
> commit 84f62a5cff462eaa3bfaf171b0638c7e7feea30d
> Author: Emond Papegaaij <em...@topicus.nl>
> AuthorDate: Fri Mar 5 13:28:15 2021 +0100
>
>     Do not try to resolve X-Forwarded-For header
>
>     The remote address is reported by HttpServletRequest. Configuration of
>     this property is normally done via the application server. If this is
>     somehow not possible, use XForwardedRequestWrapperFactory.
> ---
>  .../protocol/http/request/WebClientInfo.java       | 40
> +++-------------------
>  1 file changed, 4 insertions(+), 36 deletions(-)
>
> diff --git
> a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
> b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
> index b5d0544..d8e552c 100644
> ---
> a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
> +++
> b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
> @@ -140,48 +140,16 @@ public class WebClientInfo extends ClientInfo
>         }
>
>         /**
> -        * When using ProxyPass, requestCycle().getHttpServletRequest().
> getRemoteAddr() returns the IP
> -        * of the machine forwarding the request. In order to maintain the
> clients ip address, the
> -        * server places it in the <a
> -        * href="
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers
> ">X-Forwarded-For</a>
> -        * Header.
> -        *
> -        * Proxies may also mask the original client IP with tokens like
> "hidden" or "unknown".
> -        * If so, the last proxy ip address is returned.
> +        * Returns the IP address from {@code
> HttpServletRequest.getRemoteAddr()}.
>          *
>          * @param requestCycle
>          *            the request cycle
> -        * @return remoteAddr IP address of the client, using the
> X-Forwarded-For header and defaulting
> -        *         to: getHttpServletRequest().getRemoteAddr()
> +        * @return remoteAddr IP address of the client, using
> +        *         {@code getHttpServletRequest().getRemoteAddr()}
>          */
>         protected String getRemoteAddr(RequestCycle requestCycle)
>         {
>                 ServletWebRequest request =
> (ServletWebRequest)requestCycle.getRequest();
> -               HttpServletRequest req = request.getContainerRequest();
> -               String remoteAddr = request.getHeader("X-Forwarded-For");
> -
> -               if (remoteAddr != null)
> -               {
> -                       if (remoteAddr.contains(","))
> -                       {
> -                               // sometimes the header is of form client
> ip,proxy 1 ip,proxy 2 ip,...,proxy n ip,
> -                               // we just want the client
> -                               remoteAddr = Strings.split(remoteAddr,
> ',')[0].trim();
> -                       }
> -                       try
> -                       {
> -                               // If ip4/6 address string handed over,
> simply does pattern validation.
> -                               InetAddress.getByName(remoteAddr);
> -                       }
> -                       catch (UnknownHostException e)
> -                       {
> -                               remoteAddr = req.getRemoteAddr();
> -                       }
> -               }
> -               else
> -               {
> -                       remoteAddr = req.getRemoteAddr();
> -               }
> -               return remoteAddr;
> +               return request.getContainerRequest().getRemoteAddr();
>         }
>  }
>
>
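Review bot: The deleted body of getRemoteAddr referenced HttpServletRequest, InetAddress, UnknownHostException and Strings, and the diffstat shows that all 4 insertions and 36 deletions fall inside this one hunk, so no import lines were touched. Check whether those imports are still used elsewhere in WebClientInfo.java and drop the ones that are not, so the change does not leave unused imports behind.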

-- 
Best regards,
Maxim