You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/02/20 15:28:32 UTC
[Bug 60751] New: Add 100.64/10 to the default internalProxies
https://bz.apache.org/bugzilla/show_bug.cgi?id=60751
Bug ID: 60751
Summary: Add 100.64/10 to the default internalProxies
Product: Tomcat 8
Version: 8.0.x-trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: matthias.winzeler@gmail.com
Target Milestone: ----
Created attachment 34769
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34769&action=edit
Patch that adds 100.64/10 to internalProxies for Tomcat 8.0.x trunk
As a service provider, we use the 100.64/10 range quite often for our private
networks.
Currently Tomcat does not include this range in the default value of
internalProxies in the classes RemoteIpValve and RemoteIpFilter. Since our
Loadbalancer runs on a 100.64 address, it is not covered by the default private
networks in Tomcat and the logic of RemoteIpValve is skipped (i.e. setting the
ports and the scheme based on X-Forwarded-Proto).
This patch adds the 100.64/10 range to the default internalProxies.
As far as I understand, this subnet should be treated the same as the other
private networks:
https://en.wikipedia.org/wiki/Reserved_IP_addresses
I'm aware that this can be fixed in the configuration rather easily.
But since we're offering CloudFoundry to our customers where the customers
deploy their own Tomcats, we do not own these configurations - and we would
like to be interoperable with other CloudFoundries that run in different
networks and do not require this fix.
We think it would be nice if Tomcat supports these networks out-of-the-box.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60751] Add 100.64/10 to the default internalProxies
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60751
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
The documented use for 100.64/10 is for GCN which means addresses in that range
are not all within the control of a single entity and it is not, therefore,
safe to trust them all by default.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60751] Add 100.64/10 to the default internalProxies
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60751
Chuck Caldarale <ch...@unisys.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org