https://bz.apache.org/bugzilla/show_bug.cgi?id=57665
--- Comment #18 from Sergey Ponomarev <stok...@gmail.com> --- Can we set more prio and finally merge the patch? I tried to use this filter as a workaround https://github.com/qaware/x-forwarded-filter which looks quite good and working according to all specifications and even covers an RFC 7239 `Forwarded` header. The author of the lib made a great investigation of all reverse proxy filters and made a comparison in README. IMHO the filter can be as kind of reference implementation. I trying to create a base tomcat image for my company's legacy apps and put them behind reverse proxy Nginx. I declared the filter in CATALINA_BASE/but the filter become last in filter chain and other filters of webapps are failed to determine correct server name. And I didn't find any solution how to set an order for filters declared in conf/web.xml Now I copied the RemoteIpValve, applied the patch and changed a package, built, added it as dependency in tomcat/lib and finally used it in server.xml. That costed me for a lot of time so I would be happy if Tomcat can do it itself. Meanwhile the patch has some problems: 1. The hostHeader property should be specified private String hostHeader = null; I have no idea why you didn't assign a default value i.e. private String hostHeader = "; Without this we need to always specify the header name while it de-facto always `` 2. Remote Host won't be populated it is not specified. This looks like a bug when remote host is populated in setHostAndPorts() method but the method is called only if protocolHeader property is specified. BTW the protocolHeader also can have a default `X-Forwarded-Proto`. So to start working the RemoteIpValve should be specified like: <Valve className="org.apache.catalina.valves.RemoteIpValve" hostHeader="X-Forwarded-Host" protocolHeader="X-Forwarded-Proto"/> To understand this defaults I also spent some time. Also here is a possible tricky situation when port from X-Forwarded-Host can override port from `X-Forwarded-Port` which is doesn't supported by RemoteIpValve at all. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
