[Bug 66068] New: Asynchronous request processing changes IP behind RemoteIpValve

Tue, 17 May 2022 05:56:32 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=66068

            Bug ID: 66068
           Summary: Asynchronous request processing changes IP behind
                    RemoteIpValve
           Product: Tomcat 9
           Version: 9.0.62
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: -----

Created attachment 38287
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38287&action=edit
example project

Hi guys

Request that is made to the Tomcat 9 server that is behind load balancer and
with RemoteIpValve enabled.

RemoteIpValve is configured in server.xml exactly before access log valve as
follows:
   <Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="x-forwarded-for"
       protocolHeader="x-forwarded-proto"
   />

In the case request is processed in synchronous way the right ip of caller is
received from request.getRemoteAddr()

In the case request is moved to asynchronous mode by request.startAsync(
request, response ) and is processed on the same thread the right ip of client
is received from asyncContext.getRequest().getRemoteAddr()

In the case request is moved to asynchronous mode by request.startAsync(
request, response ) and is processed on the OTHER thread the ip of client is
NOT received from asyncContext.getRequest().getRemoteAddr(), but ip of proxy
server.

In all cases access log prints right client ip.

Example source code is attached both with compiled .war file.
Example request is made to:
   http://localhost/remoteipvalve-bug-example/
with the following headers:
   X-Forwarded-For: 1.2.3.4
   X-Forwarded-Proto: 443

Example logger result:
17-May-2022 15:47:19.623 WARNING [http-nio-80-exec-53] RootServlet.doGet
Request ip before async start: 1.2.3.4
17-May-2022 15:47:19.623 WARNING [http-nio-80-exec-53] RootServlet.doGet
Request ip after async started: 1.2.3.4)
17-May-2022 15:47:19.625 WARNING [Thread-67] RootServlet$1.run Request ip after
async started: 127.0.0.1)

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to