You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Michael Jumper (JIRA)" <ji...@apache.org> on 2019/04/30 17:35:00 UTC
[jira] [Updated] (GUACAMOLE-784) Tolerate port number within
X-Forwarded-For header
[ https://issues.apache.org/jira/browse/GUACAMOLE-784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Jumper updated GUACAMOLE-784:
-------------------------------------
Summary: Tolerate port number within X-Forwarded-For header (was: Modify Regex for X-Forwarded-for to parse IP:Port)
> Tolerate port number within X-Forwarded-For header
> --------------------------------------------------
>
> Key: GUACAMOLE-784
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-784
> Project: Guacamole
> Issue Type: Wish
> Components: guacamole-client
> Affects Versions: 1.0.0
> Environment: Azure App Service
> Reporter: Stefan
> Priority: Minor
>
> Dear all
> First of all, I am sorry that I messed up with your usual process. Please delete the Pull-Request, so that everything goes the right way. It was not my intention to make troubles.
> Now about the topic. We want to run the guacamole-client in an Azue Web Service. That is a Service where MS provides everything up to the Tomcat-Server as a Service. You just have to place the war-File on the right position.
> It is working fine so far. But one of the issues is that the “X-Forwarded-for”-Header which is forwarded to the guacamole-client contains also the Source-Port number. Because of that only the Tomcat-Server-IP is shown in the History of the guacamole-client. According the REGEX in the source file “[guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java|https://github.com/apache/guacamole-client/pull/398/files/51035d377ec9b6c8a9260c3df73051173065ace2#diff-48e5eab88e3f0e708348fb5f3a353b94]” the client just can handle Header with IPs only. We thought about the possibility to expand these regexes.
> I agree with mike-jumper that everybody should fulfill the standard, which define that only the IP is in this header. We contacted MS, but the thing is, we don’t aspect any “fast” reaction or change on Azure to solve this topic.
> I also agree that the change should be well planned, not to screw up something else.
> Original Comment from mike-jumper
> {quote}
> Both {{IPV4_ADDRESS_REGEX}} and {{IPV6_ADDRESS_REGEX}} are documented here as matching IP addresses. Altering them such that they also accept port numbers will mean that the documentation becomes incorrect. If the change proposed here is correct, then that documentation needs to be updated to match. However:
> Duplicating the same pattern across both {{IPV4_ADDRESS_REGEX}} and {{IPV6_ADDRESS_REGEX}} is suboptimal. There are other patterns which would be better homes for this change and avoid duplication, but again: modifying something that is essentially named "IP address" and documented as matching IP addresses such that it also matches port numbers isn't complete in itself. That change would need to be followed through such that the documentation and naming are correct.
> The de facto {{X-Forwarded-For}} header is defined as a list of IP addresses, not a list of IP addresses with optional port numbers:
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
> https://en.wikipedia.org/wiki/X-Forwarded-For
> If there are real world cases where a port number is included, please provide some background information when you open the corresponding issue in JIRA so the reasoning for your proposed change can be understood.
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)