~ubuntu-branches/ubuntu/oneiric/tomcat6/oneiric


Viewing changes to java/org/apache/catalina/valves/RemoteIpValve.java

  • Committer: Bazaar Package Importer
  • Author(s): Thierry Carrez
  • Date: 2010-07-20 14:36:48 UTC
  • mfrom: (2.2.17 sid)
  • Revision ID: james.westby@ubuntu.com-20100720143648-23y81x6cq1kv1z00
Tags: 6.0.28-2
* Add debconf questions for user, group and Java options.
* Use ucf to install /etc/default/tomcat6 from a template
* Drop CATALINA_BASE and CATALINA_HOME from /etc/default/tomcat6 since we
  shouldn't encourage users to change those anyway

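--- a/java/org/apache/catalina/valves/RemoteIpValve.java
+++ b/java/org/apache/catalina/valves/RemoteIpValve.java
@@ -54,7 +54,7 @@
  * If the incoming <code>request.getRemoteAddr()</code> matches the valve's list of internal proxies :
  * <ul>
  * <li>Loop on the comma delimited list of IPs and hostnames passed by the preceding load balancer or proxy in the given request's Http
- * header named <code>$remoteIPHeader</code> (default value <code>x-forwarded-for</code>). Values are processed in right-to-left order.</li>
+ * header named <code>$remoteIpHeader</code> (default value <code>x-forwarded-for</code>). Values are processed in right-to-left order.</li>
  * <li>For each ip/host of the list:
  * <ul>
  * <li>if it matches the internal proxies list, the ip/host is swallowed</li>
@@ -79,7 +79,7 @@
  * <th>Default Value</th>
  * </tr>
  * <tr>
- * <td>remoteIPHeader</td>
+ * <td>remoteIpHeader</td>
  * <td>Name of the Http Header read by this valve that holds the list of traversed IP addresses starting from the requesting client</td>
  * <td>RemoteIPHeader</td>
  * <td>Compliant http header name</td>
@@ -99,7 +99,7 @@
  * <tr>
  * <td>proxiesHeader</td>
  * <td>Name of the http header created by this valve to hold the list of proxies that have been processed in the incoming
- * <code>remoteIPHeader</code></td>
+ * <code>remoteIpHeader</code></td>
  * <td>RemoteIPProxiesHeader</td>
  * <td>Compliant http header name</td>
  * <td>x-forwarded-by</td>
@@ -165,8 +165,8 @@
  * &lt;Valve 
  *   className="org.apache.catalina.valves.RemoteIpValve"
  *   internalProxies="192\.168\.0\.10, 192\.168\.0\.11"
- *   remoteIPHeader="x-forwarded-for"
- *   remoteIPProxiesHeader="x-forwarded-by"
+ *   remoteIpHeader="x-forwarded-for"
+ *   remoteIpProxiesHeader="x-forwarded-by"
  *   protocolHeader="x-forwarded-proto"
  *   /&gt;</pre></code>
  * <p>
@@ -227,8 +227,8 @@
  * &lt;Valve 
  *   className="org.apache.catalina.valves.RemoteIpValve"
  *   internalProxies="192\.168\.0\.10, 192\.168\.0\.11"
- *   remoteIPHeader="x-forwarded-for"
- *   remoteIPProxiesHeader="x-forwarded-by"
+ *   remoteIpHeader="x-forwarded-for"
+ *   remoteIpProxiesHeader="x-forwarded-by"
  *   trustedProxies="proxy1, proxy2"
  *   /&gt;</pre></code>
  * <p>
@@ -269,8 +269,8 @@
  * &lt;Valve 
  *   className="org.apache.catalina.valves.RemoteIpValve"
  *   internalProxies="192\.168\.0\.10, 192\.168\.0\.11"
- *   remoteIPHeader="x-forwarded-for"
- *   remoteIPProxiesHeader="x-forwarded-by"
+ *   remoteIpHeader="x-forwarded-for"
+ *   remoteIpProxiesHeader="x-forwarded-by"
  *   trustedProxies="proxy1, proxy2"
  *   /&gt;</pre></code>
  * <p>
@@ -312,8 +312,8 @@
  * &lt;Valve 
  *   className="org.apache.catalina.valves.RemoteIpValve"
  *   internalProxies="192\.168\.0\.10, 192\.168\.0\.11"
- *   remoteIPHeader="x-forwarded-for"
- *   remoteIPProxiesHeader="x-forwarded-by"
+ *   remoteIpHeader="x-forwarded-for"
+ *   remoteIpProxiesHeader="x-forwarded-by"
  *   trustedProxies="proxy1, proxy2"
  *   /&gt;</pre></code>
  * <p>
@@ -559,11 +559,11 @@
             // In java 6, proxiesHeaderValue should be declared as a java.util.Deque
             LinkedList<String> proxiesHeaderValue = new LinkedList<String>();
             
-            String[] remoteIPHeaderValue = commaDelimitedListToStringArray(request.getHeader(remoteIpHeader));
+            String[] remoteIpHeaderValue = commaDelimitedListToStringArray(request.getHeader(remoteIpHeader));
             int idx;
-            // loop on remoteIPHeaderValue to find the first trusted remote ip and to build the proxies chain
-            for (idx = remoteIPHeaderValue.length - 1; idx >= 0; idx--) {
-                String currentRemoteIp = remoteIPHeaderValue[idx];
+            // loop on remoteIpHeaderValue to find the first trusted remote ip and to build the proxies chain
+            for (idx = remoteIpHeaderValue.length - 1; idx >= 0; idx--) {
+                String currentRemoteIp = remoteIpHeaderValue[idx];
                 remoteIp = currentRemoteIp;
                 if (matchesOne(currentRemoteIp, internalProxies)) {
                     // do nothing, internalProxies IPs are not appended to the
@@ -574,10 +574,10 @@
                     break;
                 }
             }
-            // continue to loop on remoteIPHeaderValue to build the new value of the remoteIPHeader
+            // continue to loop on remoteIpHeaderValue to build the new value of the remoteIpHeader
             LinkedList<String> newRemoteIpHeaderValue = new LinkedList<String>();
             for (; idx >= 0; idx--) {
-                String currentRemoteIp = remoteIPHeaderValue[idx];
+                String currentRemoteIp = remoteIpHeaderValue[idx];
                 newRemoteIpHeaderValue.addFirst(currentRemoteIp);
             }
             if (remoteIp != null) {
@@ -627,6 +627,11 @@
                           + originalScheme + "' will be seen as newRemoteAddr='" + request.getRemoteAddr() + "', newRemoteHost='"
                           + request.getRemoteHost() + "', newScheme='" + request.getScheme() + "', newSecure='" + request.isSecure() + "'");
             }
+        } else {
+            if (log.isDebugEnabled()) {
+                log.debug("Skip RemoteIpValve for request " + request.getRequestURI() + " with originalRemoteAddr '"
+                        + request.getRemoteAddr() + "'");
+            }
         }
         try {
             getNext().invoke(request, response);
@@ -735,7 +740,7 @@
      * Default value : <code>X-Forwarded-For</code>
      * </p>
      * 
-     * @param remoteIPHeader
+     * @param remoteIpHeader
      */
     public void setRemoteIpHeader(String remoteIpHeader) {
         this.remoteIpHeader = remoteIpHeader;
@@ -743,7 +748,7 @@
     
     /**
      * <p>
-     * Comma delimited list of proxies that are trusted when they appear in the {@link #remoteIPHeader} header. Can be expressed as a
+     * Comma delimited list of proxies that are trusted when they appear in the {@link #remoteIpHeader} header. Can be expressed as a
      * regular expression.
      * </p>
      * <p>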
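Review bot: In the hunk at new lines 559–569, `request.getHeader(remoteIpHeader)` returns only the first header line of that name, so when the forwarding header arrives more than once, an entry the trusted proxy appended in a later line is never evaluated. The address the valve then reports as the remote address, which downstream access checks and logs rely on, would be derived from the first line alone. I would collect every line with `request.getHeaders(remoteIpHeader)` and join them before splitting, as sketched below; confirm that `commaDelimitedListToStringArray` treats an empty string the same as a missing header. The enclosing method starts and ends outside the hunks shown.

```java
// gather every header line of this name, in the order received
StringBuilder allValues = new StringBuilder();
for (Enumeration<?> lines = request.getHeaders(remoteIpHeader); lines.hasMoreElements();) {
    if (allValues.length() > 0) {
        allValues.append(", ");
    }
    allValues.append((String) lines.nextElement());
}
String[] remoteIpHeaderValue = commaDelimitedListToStringArray(allValues.toString());
// … unchanged: right-to-left loop over remoteIpHeaderValue …
```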