Posted to dev@tomcat.apache.org by bu...@apache.org on 2015/05/13 18:13:58 UTC

[Bug 57926] New: RemoteIpValve: resetting the RemoteAddr, but not the X-Forwarded-For Header causes information loss

https://bz.apache.org/bugzilla/show_bug.cgi?id=57926

            Bug ID: 57926
           Summary: RemoteIpValve: resetting the RemoteAddr, but not the
                    X-Forwarded-For Header causes information loss
           Product: Tomcat 8
           Version: 8.0.22
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: bz.apache.org@gehrels.info

After processing the request, the RemoteIpValve resets the RemoteAddr to its
original value. The header fields X-Forwarded-By and X-Forwarded-For, which may
also have been changed, will not be reset to their original values.

This leads to an inconsistent state of the request after processing:
Before:
RemoteAddr: 192.168.1.1
X-Forwarded-For: 88.77.66.55

After:
RemoteAddr: 192.168.1.1
X-Forwarded-For: null

So, the information that is probably most valuable to me is now neither in the
RemoteAddr, nor in the X-Forwarded-For header. This may cause problems, because
Access Logging is done after request processing. Depending on your logging
config, the True Client IP will be completely lost from the logs.

A workaround may be to set requestAttributesEnabled=true and log those
attributes.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
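
The workaround named in the report above, written out as a server.xml fragment. This is an added example, not part of the original mail or of the Tomcat project; the proxy address pattern, log file prefixes and log patterns are constructed for illustration, using the addresses from the report.

```xml
<!-- Added example (constructed): fragment for conf/server.xml, inside <Host>. -->

<!-- Trust the proxy at 192.168.1.1 and take the client address from
     X-Forwarded-For. requestAttributesEnabled makes the valve also publish
     the resolved address as request attributes, which remain available
     after the valve has restored the original RemoteAddr. -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       internalProxies="192\.168\.1\.1"
       remoteIpHeader="X-Forwarded-For"
       proxiesHeader="X-Forwarded-By"
       requestAttributesEnabled="true" />

<!-- Affected setup: the access log is written after request processing and
     reads the request itself. On 8.0.22, as the report describes, %a is the
     proxy (192.168.1.1) and the header is null, so it is logged as "-". -->
<Valve className="org.apache.catalina.valves.AccessLogValve"
       directory="logs" prefix="access_affected" suffix=".log"
       pattern="%a %{X-Forwarded-For}i %t &quot;%r&quot; %s %b" />

<!-- Workaround: let the access log read the request attributes set by
     RemoteIpValve, so %a records the client address (88.77.66.55 in the
     report's example) instead of the proxy address. -->
<Valve className="org.apache.catalina.valves.AccessLogValve"
       directory="logs" prefix="access_workaround" suffix=".log"
       requestAttributesEnabled="true"
       pattern="%a %t &quot;%r&quot; %s %b" />
```

On AccessLogValve, requestAttributesEnabled defaults to false, so it has to be set explicitly for the workaround to take effect.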


[Bug 57926] RemoteIpValve: resetting the RemoteAddr, but not the X-Forwarded-For Header causes information loss

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57926

Benjamin Gehrels <bz...@gehrels.info> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bz.apache.org@gehrels.info
                 OS|                            |All



[Bug 57926] RemoteIpValve: resetting the RemoteAddr, but not the X-Forwarded-For Header causes information loss

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57926

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Fixed in trunk for 9.0.x and in 8.0.x for 8.0.23 onwards.
