Re: Patch to override request.getRemoteAddr if behind a reverse proxy

Fri, 14 Jul 2006 13:46:02 -0700

This is a question for the user list, it might be better for you to take the inquiries there, and you shouldn't need to hack tomcat for something like this. Simply create a filter, that wraps your HttpServletRequest in a HttpServletRequestWrapper,
worst case you could create Valve that does it for you, either way, you can avoid changing tomcat code. 

Filip

Johan van den Berg wrote:

Hi

I'm totally new to hacking Tomcat, so excuse if I'm not following the
proper procedure, but needed to do this for our site that has a Tomcat
behind Apache (mod_jk), that sits behind a reverse proxy load balancer.
The idea is basically to not use the TCP endpoint of Apache (which will
always point to the reverse proxy) to give the caller of
request.getRemoteAddr a valid IP, but rather retrieve it from a
configurable request header. In our case, we have hacked the Pound
loadbalancer to forward a request header called X-Pounded-For with each
request, and the value of this header is then used (if available) to
return the *real client IP to the caller of request.getRemoteAddr or
request.getRemoteHost.

Extract from server.xml:

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" proxyRemoteAddrHeader="X-Pounded-For"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />


Let me know if it is of any use to anyone else!

Regards


  
------------------------------------------------------------------------


Index: 
container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java
===================================================================
--- 
container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java   
    (revision 421580)
+++ 
container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java   
    (working copy)
@@ -198,12 +198,23 @@

         // Override if the proxyPort/proxyHost are set 
         String proxyName = connector.getProxyName();

         int proxyPort = connector.getProxyPort();
+        String proxyRemoteAddrHeader = connector.getProxyRemoteAddrHeader();

+        
         if (proxyPort != 0) {

             req.setServerPort(proxyPort);
         }
         if (proxyName != null) {
             req.serverName().setString(proxyName);
         }
+        if (proxyRemoteAddrHeader != null) {
+               String remoteAddr = req.getHeader(proxyRemoteAddrHeader);
+               if (remoteAddr != null) {
+                req.remoteAddr().setString(remoteAddr);
+                req.remoteHost().setString(remoteAddr);
+                request.setRemoteAddr(remoteAddr);
+                request.setRemoteHost(remoteAddr);                     
+               }
+        }

 
         // URI decoding

         MessageBytes decodedURI = req.decodedURI();
Index: container/catalina/src/share/org/apache/catalina/connector/Connector.java
===================================================================
--- container/catalina/src/share/org/apache/catalina/connector/Connector.java   
(revision 421580)
+++ container/catalina/src/share/org/apache/catalina/connector/Connector.java   
(working copy)
@@ -155,6 +155,14 @@
      * the port number specified by the <code>port</code> property is used.
      */
     protected int proxyPort = 0;

+    
+    
+    /**

+     * The request header that should be use to populate the request object's
+     * remoteAddr field. This is commonly used behind reverse proxy's that pass
+     * the real client IP via a request header, such as 
<code>X-Pounded-For</code>.
+     */
+    protected String proxyRemoteAddrHeader = null;

 
 
     /**

@@ -732,6 +740,27 @@
         setProperty("proxyPort", String.valueOf(proxyPort));

 
     }
+    
+    /**

+     * Return the proxy remote address header value for this Connector.
+     */
+    public String getProxyRemoteAddrHeader() {
+       
+       return (this.proxyRemoteAddrHeader);
+       
+    }

+    
+    /**

+     * Set the proxy remote address header value for this Connector.

+     * 
+     * @param proxyRemoteAddrHeader The new proxy remote address header value

+     */
+    public void setProxyRemoteAddrHeader(String proxyRemoteAddrHeader) {
+       
+       this.proxyRemoteAddrHeader = proxyRemoteAddrHeader;
+       setProperty("proxyRemoteAddrHeader", proxyRemoteAddrHeader);
+       
+    }

 
 
     /**



  
------------------------------------------------------------------------


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
------------------------------------------------------------------------

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.0/388 - Release Date: 7/13/2006

  



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to