You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/06/26 09:33:58 UTC
svn commit: r958195 - in /tomcat/tc6.0.x/trunk: STATUS.txt
java/org/apache/catalina/valves/RemoteIpValve.java
webapps/docs/changelog.xml webapps/docs/config/valve.xml
Author: markt
Date: Sat Jun 26 07:33:57 2010
New Revision: 958195
URL: http://svn.apache.org/viewvc?rev=958195&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49443
Use remoteIpHeader rather then remoteIPHeader consistently
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/valve.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=958195&r1=958194&r2=958195&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Jun 26 07:33:57 2010
@@ -141,12 +141,6 @@ PATCHES PROPOSED TO BACKPORT:
of "long time".
2) I see no way to turn off this feature or filter the output.
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=49443
- Use remoteIpHeader rather then remoteIPHeader consistently
- http://people.apache.org/~markt/patches/2010-06-18-bug49443-tc6.patch
- +1: markt, kkolinko, rjung
- -1:
-
* Backport the CSRF prevention filter to Tomcat 6 and configure the Manager and
Host Manager applications to use it. The configuration is such that the using
the old roles (manager, admin) will work and will bypass the CSRF protection
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=958195&r1=958194&r2=958195&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Sat Jun 26 07:33:57 2010
@@ -54,7 +54,7 @@ import org.apache.juli.logging.LogFactor
* If the incoming <code>request.getRemoteAddr()</code> matches the valve's list of internal proxies :
* <ul>
* <li>Loop on the comma delimited list of IPs and hostnames passed by the preceding load balancer or proxy in the given request's Http
- * header named <code>$remoteIPHeader</code> (default value <code>x-forwarded-for</code>). Values are processed in right-to-left order.</li>
+ * header named <code>$remoteIpHeader</code> (default value <code>x-forwarded-for</code>). Values are processed in right-to-left order.</li>
* <li>For each ip/host of the list:
* <ul>
* <li>if it matches the internal proxies list, the ip/host is swallowed</li>
@@ -79,7 +79,7 @@ import org.apache.juli.logging.LogFactor
* <th>Default Value</th>
* </tr>
* <tr>
- * <td>remoteIPHeader</td>
+ * <td>remoteIpHeader</td>
* <td>Name of the Http Header read by this valve that holds the list of traversed IP addresses starting from the requesting client</td>
* <td>RemoteIPHeader</td>
* <td>Compliant http header name</td>
@@ -99,7 +99,7 @@ import org.apache.juli.logging.LogFactor
* <tr>
* <td>proxiesHeader</td>
* <td>Name of the http header created by this valve to hold the list of proxies that have been processed in the incoming
- * <code>remoteIPHeader</code></td>
+ * <code>remoteIpHeader</code></td>
* <td>RemoteIPProxiesHeader</td>
* <td>Compliant http header name</td>
* <td>x-forwarded-by</td>
@@ -165,8 +165,8 @@ import org.apache.juli.logging.LogFactor
* <Valve
* className="org.apache.catalina.valves.RemoteIpValve"
* internalProxies="192\.168\.0\.10, 192\.168\.0\.11"
- * remoteIPHeader="x-forwarded-for"
- * remoteIPProxiesHeader="x-forwarded-by"
+ * remoteIpHeader="x-forwarded-for"
+ * remoteIpProxiesHeader="x-forwarded-by"
* protocolHeader="x-forwarded-proto"
* /></pre></code>
* <p>
@@ -227,8 +227,8 @@ import org.apache.juli.logging.LogFactor
* <Valve
* className="org.apache.catalina.valves.RemoteIpValve"
* internalProxies="192\.168\.0\.10, 192\.168\.0\.11"
- * remoteIPHeader="x-forwarded-for"
- * remoteIPProxiesHeader="x-forwarded-by"
+ * remoteIpHeader="x-forwarded-for"
+ * remoteIpProxiesHeader="x-forwarded-by"
* trustedProxies="proxy1, proxy2"
* /></pre></code>
* <p>
@@ -269,8 +269,8 @@ import org.apache.juli.logging.LogFactor
* <Valve
* className="org.apache.catalina.valves.RemoteIpValve"
* internalProxies="192\.168\.0\.10, 192\.168\.0\.11"
- * remoteIPHeader="x-forwarded-for"
- * remoteIPProxiesHeader="x-forwarded-by"
+ * remoteIpHeader="x-forwarded-for"
+ * remoteIpProxiesHeader="x-forwarded-by"
* trustedProxies="proxy1, proxy2"
* /></pre></code>
* <p>
@@ -312,8 +312,8 @@ import org.apache.juli.logging.LogFactor
* <Valve
* className="org.apache.catalina.valves.RemoteIpValve"
* internalProxies="192\.168\.0\.10, 192\.168\.0\.11"
- * remoteIPHeader="x-forwarded-for"
- * remoteIPProxiesHeader="x-forwarded-by"
+ * remoteIpHeader="x-forwarded-for"
+ * remoteIpProxiesHeader="x-forwarded-by"
* trustedProxies="proxy1, proxy2"
* /></pre></code>
* <p>
@@ -559,11 +559,11 @@ public class RemoteIpValve extends Valve
// In java 6, proxiesHeaderValue should be declared as a java.util.Deque
LinkedList<String> proxiesHeaderValue = new LinkedList<String>();
- String[] remoteIPHeaderValue = commaDelimitedListToStringArray(request.getHeader(remoteIpHeader));
+ String[] remoteIpHeaderValue = commaDelimitedListToStringArray(request.getHeader(remoteIpHeader));
int idx;
- // loop on remoteIPHeaderValue to find the first trusted remote ip and to build the proxies chain
- for (idx = remoteIPHeaderValue.length - 1; idx >= 0; idx--) {
- String currentRemoteIp = remoteIPHeaderValue[idx];
+ // loop on remoteIpHeaderValue to find the first trusted remote ip and to build the proxies chain
+ for (idx = remoteIpHeaderValue.length - 1; idx >= 0; idx--) {
+ String currentRemoteIp = remoteIpHeaderValue[idx];
remoteIp = currentRemoteIp;
if (matchesOne(currentRemoteIp, internalProxies)) {
// do nothing, internalProxies IPs are not appended to the
@@ -574,10 +574,10 @@ public class RemoteIpValve extends Valve
break;
}
}
- // continue to loop on remoteIPHeaderValue to build the new value of the remoteIPHeader
+ // continue to loop on remoteIpHeaderValue to build the new value of the remoteIpHeader
LinkedList<String> newRemoteIpHeaderValue = new LinkedList<String>();
for (; idx >= 0; idx--) {
- String currentRemoteIp = remoteIPHeaderValue[idx];
+ String currentRemoteIp = remoteIpHeaderValue[idx];
newRemoteIpHeaderValue.addFirst(currentRemoteIp);
}
if (remoteIp != null) {
@@ -740,7 +740,7 @@ public class RemoteIpValve extends Valve
* Default value : <code>X-Forwarded-For</code>
* </p>
*
- * @param remoteIPHeader
+ * @param remoteIpHeader
*/
public void setRemoteIpHeader(String remoteIpHeader) {
this.remoteIpHeader = remoteIpHeader;
@@ -748,7 +748,7 @@ public class RemoteIpValve extends Valve
/**
* <p>
- * Comma delimited list of proxies that are trusted when they appear in the {@link #remoteIPHeader} header. Can be expressed as a
+ * Comma delimited list of proxies that are trusted when they appear in the {@link #remoteIpHeader} header. Can be expressed as a
* regular expression.
* </p>
* <p>
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=958195&r1=958194&r2=958195&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Jun 26 07:33:57 2010
@@ -46,6 +46,10 @@
<bug>49424</bug>: Avoid NPE if client provides no data with a chunked
POST request. (markt)
</fix>
+ <fix>
+ <bug>49443</bug>: Use remoteIpHeader rather than remoteIPHeader
+ consistently. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Cluster">
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/valve.xml?rev=958195&r1=958194&r2=958195&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/valve.xml Sat Jun 26 07:33:57 2010
@@ -728,7 +728,7 @@
<strong>org.apache.catalina.valves.RemoteIpValve</strong>.</p>
</attribute>
- <attribute name="remoteIPHeader" required="false">
+ <attribute name="remoteIpHeader" required="false">
<p>Name of the HTTP Header read by this valve that holds the list of
traversed IP addresses starting from the requesting client. If not
specified, the default of <code>x-forwarded-for</code> is used.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org