You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by "Brane F. Gračnar" <bf...@najdi.si> on 2009/12/11 17:36:46 UTC
[PATCH]: X-Forwarded-For support
Hello :)
This patch adds support for X-Forwarded-For (or any other) http request header
holding ip address of real client so that request.getRemoteAddr() return
correct address if tomcat is running behind apache or any other reverse http
proxy.
Best regards, Brane
Re: [PATCH]: X-Forwarded-For support
Posted by Mark Thomas <ma...@apache.org>.
On 11/12/2009 16:36, Brane F. Gračnar wrote:
> Hello :)
>
> This patch adds support for X-Forwarded-For (or any other) http request header
> holding ip address of real client so that request.getRemoteAddr() return
> correct address if tomcat is running behind apache or any other reverse http
> proxy.
Brane,
Patches are best attached to bugzilla entries so they don't get lost.
That said, the new (in 6.0.21) RemoteIp valve provides the same (and
more) functionality so I am sorry to say that I don't think this patch
would be accepted.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [PATCH]: X-Forwarded-For support
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
Brane F. Gračnar wrote:
> Hello :)
>
> This patch adds support for X-Forwarded-For (or any other) http request header
> holding ip address of real client so that request.getRemoteAddr() return
> correct address if tomcat is running behind apache or any other reverse http
> proxy.
Note you can't simply trust XFF, because anyone can present any information
in this field. There are a number of solutions, most routers elect a different
header for forwarding IP addresses, while the httpd mod_remoteip handles this
with a trust list of known reliable agents.
Also you have a protocol problem, XFF is not a single entry, but a list ;-)
See http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html for the httpd
equivalent.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org