Brane F. Gračnar wrote:
> Hello :)
>
> This patch adds support for the X-Forwarded-For (or any other) HTTP request
> header holding the IP address of the real client, so that
> request.getRemoteAddr() returns the correct address if Tomcat is running
> behind Apache or any other reverse HTTP proxy.

Note you can't simply trust XFF, because anyone can present any information in this field. There are a number of solutions: most routers elect a different header for forwarding IP addresses, while the httpd mod_remoteip handles this with a trust list of known reliable agents.

Also, you have a protocol problem: XFF is not a single entry, but a list ;-)

See http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html for the httpd equivalent.
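
The two points raised in the reply (trust only known proxies, and treat XFF as a list) can be combined in one resolver, shown here as an added example that is not part of the original message or the patch. The class and method names, the exact-match trust set and the sample addresses are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

public class ForwardedForResolver {
    // Loose syntactic check for an IP literal; avoids DNS lookups on client-supplied text.
    private static final Pattern IP_LITERAL = Pattern.compile("[0-9A-Fa-f:.]{2,45}");

    /**
     * remoteAddr:     address of the TCP peer (what getRemoteAddr() returns unpatched).
     * xffHeaders:     every X-Forwarded-For header line of the request, in order.
     * trustedProxies: exact addresses of proxies we operate (hypothetical trust list).
     */
    static String resolve(String remoteAddr, List<String> xffHeaders, Set<String> trustedProxies) {
        // The header only counts when the direct peer is a known proxy.
        if (!trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        // XFF is a list: flatten all header lines into one left-to-right chain.
        List<String> chain = new ArrayList<>();
        for (String line : xffHeaders) {
            for (String part : line.split(",")) {
                chain.add(part.trim());
            }
        }
        String client = remoteAddr;
        // Walk from the right: each entry was appended by a hop we already trust.
        for (int i = chain.size() - 1; i >= 0; i--) {
            String hop = chain.get(i);
            if (!IP_LITERAL.matcher(hop).matches()) {
                break; // malformed entry: keep the last address we could vouch for
            }
            client = hop;
            if (!trustedProxies.contains(hop)) {
                break; // first untrusted address; anything to its left is client-supplied
            }
        }
        return client;
    }

    public static void main(String[] args) {
        Set<String> trusted = Set.of("10.0.0.5", "10.0.0.6"); // constructed proxy addresses
        // Constructed request: the client sent "1.2.3.4" itself, the proxies appended the rest.
        System.out.println(resolve("10.0.0.5", List.of("1.2.3.4, 203.0.113.9", "10.0.0.6"), trusted));
        // Constructed request: direct connection from an untrusted peer, header ignored.
        System.out.println(resolve("198.51.100.7", List.of("1.2.3.4"), trusted));
    }
}
```

The resolver never returns an entry to the left of the first untrusted address, since the client controls that part of the header.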