You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by sp...@gmx.eu on 2011/12/08 21:52:21 UTC
RemoteIpFilter not working
Hi,
I have set up the RemoteIpFilter (Tomcat 7.0.8) in the webapps web.xml like
this:
<filter>
<filter-name>RemoteIpFilter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RemoteIpFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
The mapping is the first in the filter chain.
But when I call request.getRemoteAddr() in a plain jsp in the root of the
webapp I get the IP from the proxy not from the client.
The proxy sends x-forwared-for correctly.
What can be the problem?
Thank you
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: RemoteIpFilter not working
Posted by sp...@gmx.eu.
> Also, the documentation on the class itself
> (http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catali
na/filters/RemoteIpFilter.html)
> seems to be better than the documentation of the Filter in the Tomcat
> user guide :(
Uh... the docs are simple wrong, ok - I think.
> I think you're going to need to provide an "internalProxies"
> configuration parameter.
Yes. This works.
Thx!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: RemoteIpFilter not working
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
To whom it may concern,
On 12/9/11 4:48 AM, spring@gmx.eu wrote:
>> Can you send a dump of the HTTP headers received by the webapp
>> and the return value of the various request.getXXX methods? That
>> would be very helpful, here.
>
>
> getRemoteAddr(): 85.214.210.60 <-- proxy IP x-forwarded-for:
> 85.178.56.216 <-- client IP x-forwarded-host: foobar.eu <-- proxy
> x-forwarded-server: foobar.eu <-- proxy
>
> It looks like the Filter does not kick in.
I wonder if this has to do with (un)trusted proxies.
Have you enabled logging for the RemoteIpFilter class?
Also, the documentation on the class itself
(http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/RemoteIpFilter.html)
seems to be better than the documentation of the Filter in the Tomcat
user guide :(
I think you're going to need to provide an "internalProxies"
configuration parameter.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk7mUfQACgkQ9CaO5/Lv0PBzPgCgj5dKsJY/yat3AXWGjjBbMixN
hWQAn264rtswBBvfRIH4tyLuhEe1Vjf3
=hnxR
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: RemoteIpFilter not working
Posted by sp...@gmx.eu.
> Can you send a dump of the HTTP headers received by the webapp and the
> return value of the various request.getXXX methods? That would be very
> helpful, here.
getRemoteAddr(): 85.214.210.60 <-- proxy IP
x-forwarded-for: 85.178.56.216 <-- client IP
x-forwarded-host: foobar.eu <-- proxy
x-forwarded-server: foobar.eu <-- proxy
It looks like the Filter does not kick in.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: RemoteIpFilter not working
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
To whom it may concern,
On 12/8/11 3:52 PM, spring@gmx.eu wrote:
> I have set up the RemoteIpFilter (Tomcat 7.0.8)
It's time to upgrade: 7.0.23 is available and includes significant
improvements including security-related bug fixes.
> in the webapps web.xml like this:
>
> <filter> <filter-name>RemoteIpFilter</filter-name>
>
> <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
>
>
</filter>
>
> <filter-mapping> <filter-name>RemoteIpFilter</filter-name>
> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher>
> </filter-mapping>
>
> The mapping is the first in the filter chain.
>
> But when I call request.getRemoteAddr() in a plain jsp in the root
> of the webapp I get the IP from the proxy not from the client. The
> proxy sends x-forwared-for correctly.
>
> What can be the problem?
Can you send a dump of the HTTP headers received by the webapp and the
return value of the various request.getXXX methods? That would be very
helpful, here.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk7hJg4ACgkQ9CaO5/Lv0PAs9ACfUqBt4W0+tTMPbDEZkL1G0p8K
rnYAoLkczJErlaf0uoUZ6oHAai48m61K
=MLUe
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org