You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by pa...@apache.org on 2021/03/05 12:30:31 UTC
[wicket] branch master updated: Do not try to resolve
X-Forwarded-For header
This is an automated email from the ASF dual-hosted git repository.
papegaaij pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/wicket.git
The following commit(s) were added to refs/heads/master by this push:
new 84f62a5 Do not try to resolve X-Forwarded-For header
84f62a5 is described below
commit 84f62a5cff462eaa3bfaf171b0638c7e7feea30d
Author: Emond Papegaaij <em...@topicus.nl>
AuthorDate: Fri Mar 5 13:28:15 2021 +0100
Do not try to resolve X-Forwarded-For header
The remote address is reported by HttpServletRequest. Configuration of
this property is normally done via the application server. If this is
somehow not possible, use XForwardedRequestWrapperFactory.
---
.../protocol/http/request/WebClientInfo.java | 40 +++-------------------
1 file changed, 4 insertions(+), 36 deletions(-)
diff --git a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
index b5d0544..d8e552c 100644
--- a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
+++ b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
@@ -140,48 +140,16 @@ public class WebClientInfo extends ClientInfo
}
/**
- * When using ProxyPass, requestCycle().getHttpServletRequest(). getRemoteAddr() returns the IP
- * of the machine forwarding the request. In order to maintain the clients ip address, the
- * server places it in the <a
- * href="http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers">X-Forwarded-For</a>
- * Header.
- *
- * Proxies may also mask the original client IP with tokens like "hidden" or "unknown".
- * If so, the last proxy ip address is returned.
+ * Returns the IP address from {@code HttpServletRequest.getRemoteAddr()}.
*
* @param requestCycle
* the request cycle
- * @return remoteAddr IP address of the client, using the X-Forwarded-For header and defaulting
- * to: getHttpServletRequest().getRemoteAddr()
+ * @return remoteAddr IP address of the client, using
+ * {@code getHttpServletRequest().getRemoteAddr()}
*/
protected String getRemoteAddr(RequestCycle requestCycle)
{
ServletWebRequest request = (ServletWebRequest)requestCycle.getRequest();
- HttpServletRequest req = request.getContainerRequest();
- String remoteAddr = request.getHeader("X-Forwarded-For");
-
- if (remoteAddr != null)
- {
- if (remoteAddr.contains(","))
- {
- // sometimes the header is of form client ip,proxy 1 ip,proxy 2 ip,...,proxy n ip,
- // we just want the client
- remoteAddr = Strings.split(remoteAddr, ',')[0].trim();
- }
- try
- {
- // If ip4/6 address string handed over, simply does pattern validation.
- InetAddress.getByName(remoteAddr);
- }
- catch (UnknownHostException e)
- {
- remoteAddr = req.getRemoteAddr();
- }
- }
- else
- {
- remoteAddr = req.getRemoteAddr();
- }
- return remoteAddr;
+ return request.getContainerRequest().getRemoteAddr();
}
}
Re: [wicket] branch master updated: Do not try to resolve
X-Forwarded-For header
Posted by Maxim Solodovnik <so...@gmail.com>.
LGTM :))
On Fri, 5 Mar 2021 at 19:30, <pa...@apache.org> wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> papegaaij pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/wicket.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
> new 84f62a5 Do not try to resolve X-Forwarded-For header
> 84f62a5 is described below
>
> commit 84f62a5cff462eaa3bfaf171b0638c7e7feea30d
> Author: Emond Papegaaij <em...@topicus.nl>
> AuthorDate: Fri Mar 5 13:28:15 2021 +0100
>
> Do not try to resolve X-Forwarded-For header
>
> The remote address is reported by HttpServletRequest. Configuration of
> this property is normally done via the application server. If this is
> somehow not possible, use XForwardedRequestWrapperFactory.
> ---
> .../protocol/http/request/WebClientInfo.java | 40
> +++-------------------
> 1 file changed, 4 insertions(+), 36 deletions(-)
>
> diff --git
> a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
> b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
> index b5d0544..d8e552c 100644
> ---
> a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
> +++
> b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
> @@ -140,48 +140,16 @@ public class WebClientInfo extends ClientInfo
> }
>
> /**
> - * When using ProxyPass, requestCycle().getHttpServletRequest().
> getRemoteAddr() returns the IP
> - * of the machine forwarding the request. In order to maintain the
> clients ip address, the
> - * server places it in the <a
> - * href="
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers
> ">X-Forwarded-For</a>
> - * Header.
> - *
> - * Proxies may also mask the original client IP with tokens like
> "hidden" or "unknown".
> - * If so, the last proxy ip address is returned.
> + * Returns the IP address from {@code
> HttpServletRequest.getRemoteAddr()}.
> *
> * @param requestCycle
> * the request cycle
> - * @return remoteAddr IP address of the client, using the
> X-Forwarded-For header and defaulting
> - * to: getHttpServletRequest().getRemoteAddr()
> + * @return remoteAddr IP address of the client, using
> + * {@code getHttpServletRequest().getRemoteAddr()}
> */
> protected String getRemoteAddr(RequestCycle requestCycle)
> {
> ServletWebRequest request =
> (ServletWebRequest)requestCycle.getRequest();
> - HttpServletRequest req = request.getContainerRequest();
> - String remoteAddr = request.getHeader("X-Forwarded-For");
> -
> - if (remoteAddr != null)
> - {
> - if (remoteAddr.contains(","))
> - {
> - // sometimes the header is of form client
> ip,proxy 1 ip,proxy 2 ip,...,proxy n ip,
> - // we just want the client
> - remoteAddr = Strings.split(remoteAddr,
> ',')[0].trim();
> - }
> - try
> - {
> - // If ip4/6 address string handed over,
> simply does pattern validation.
> - InetAddress.getByName(remoteAddr);
> - }
> - catch (UnknownHostException e)
> - {
> - remoteAddr = req.getRemoteAddr();
> - }
> - }
> - else
> - {
> - remoteAddr = req.getRemoteAddr();
> - }
> - return remoteAddr;
> + return request.getContainerRequest().getRemoteAddr();
> }
> }
>
>
--
Best regards,
Maxim