Posted to commits@wicket.apache.org by pa...@apache.org on 2021/03/05 14:57:07 UTC

[wicket] 01/02: Do not try to resolve X-Forwarded-For header

This is an automated email from the ASF dual-hosted git repository.

papegaaij pushed a commit to branch wicket-8.x
in repository https://gitbox.apache.org/repos/asf/wicket.git

commit c2da3ade7f93abc5ec4c502401e9a6d639eb9331
Author: Emond Papegaaij <em...@topicus.nl>
AuthorDate: Fri Mar 5 13:28:15 2021 +0100

    Do not try to resolve X-Forwarded-For header
    
    The remote address is reported by HttpServletRequest. Configuration of
    this property is normally done via the application server. If this is
    somehow not possible, use XForwardedRequestWrapperFactory.
---
 .../protocol/http/request/WebClientInfo.java       | 40 +++-------------------
 1 file changed, 4 insertions(+), 36 deletions(-)

diff --git a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
index c00dc47..c7ce9ee 100644
--- a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
+++ b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java
@@ -145,49 +145,17 @@ public class WebClientInfo extends ClientInfo
 	}
 
 	/**
-	 * When using ProxyPass, requestCycle().getHttpServletRequest(). getRemoteAddr() returns the IP
-	 * of the machine forwarding the request. In order to maintain the clients ip address, the
-	 * server places it in the <a
-	 * href="http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers">X-Forwarded-For</a>
-	 * Header.
-	 *
-	 * Proxies may also mask the original client IP with tokens like "hidden" or "unknown".
-	 * If so, the last proxy ip address is returned.
+	 * Returns the IP address from {@code HttpServletRequest.getRemoteAddr()}.
 	 *
 	 * @param requestCycle
 	 *            the request cycle
-	 * @return remoteAddr IP address of the client, using the X-Forwarded-For header and defaulting
-	 *         to: getHttpServletRequest().getRemoteAddr()
+	 * @return remoteAddr IP address of the client, using
+	 *         {@code getHttpServletRequest().getRemoteAddr()}
 	 */
 	protected String getRemoteAddr(RequestCycle requestCycle)
 	{
 		ServletWebRequest request = (ServletWebRequest)requestCycle.getRequest();
-		HttpServletRequest req = request.getContainerRequest();
-		String remoteAddr = request.getHeader("X-Forwarded-For");
-
-		if (remoteAddr != null)
-		{
-			if (remoteAddr.contains(","))
-			{
-				// sometimes the header is of form client ip,proxy 1 ip,proxy 2 ip,...,proxy n ip,
-				// we just want the client
-				remoteAddr = Strings.split(remoteAddr, ',')[0].trim();
-			}
-			try
-			{
-				// If ip4/6 address string handed over, simply does pattern validation.
-				InetAddress.getByName(remoteAddr);
-			}
-			catch (UnknownHostException e)
-			{
-				remoteAddr = req.getRemoteAddr();
-			}
-		}
-		else
-		{
-			remoteAddr = req.getRemoteAddr();
-		}
-		return remoteAddr;
+		return request.getContainerRequest().getRemoteAddr();
 	}
 
 	/**
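Review bot: The `@return` tag on getRemoteAddr still promises the "IP address of the client", but the method now returns whatever the servlet container reports, which behind a reverse proxy is the proxy's address unless the container resolves forwarded headers from proxies it trusts. The commit message says this, but the Javadoc does not, and callers that put the value in audit logs or use it for access or rate-limit decisions need to see it at the call site. I would add a sentence such as `Behind a reverse proxy this is the proxy's address unless the application server or XForwardedRequestWrapperFactory is configured to resolve forwarded headers.` and reword `@return` to "remote address as reported by the servlet container". This is the only hunk in the file and it leaves the import block untouched, so it is worth checking whether `InetAddress`, `UnknownHostException`, `Strings` and `HttpServletRequest` are still used elsewhere in WebClientInfo.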