2013/12/9 <ma...@apache.org>: > Author: markt > Date: Mon Dec 9 09:48:42 2013 > New Revision: 1549524 > > URL: http://svn.apache.org/r1549524 > Log: > Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55820 > Include the 172.16/12 range in the default value for internal proxies. > > Modified: > tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java > tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java > tomcat/trunk/webapps/docs/config/filter.xml > tomcat/trunk/webapps/docs/config/valve.xml > > Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=1549524&r1=1549523&r2=1549524&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java > (original) > +++ tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Mon Dec > 9 09:48:42 2013 > @@ -107,9 +107,12 @@ import org.apache.juli.logging.LogFactor > * <td>RemoteIPInternalProxy</td> > * <td>Regular expression (in the syntax supported by > * {@link java.util.regex.Pattern java.util.regex})</td> > - * > <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3} > <br/> > - * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; > 172.16/12 has not been enabled by default because it is complex to > - * describe with regular expressions</td> > + * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}| > + * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}| > + * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}| > + * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
I think the "{1}" above is superfluous, as that is the default cardinality. It may need a test, though. > + * <br/> > + * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are > allowed.</td> > * </tr> > * </tr> > * <tr> > @@ -695,7 +698,10 @@ public class RemoteIpFilter implements F > "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" + > "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" + > "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" + > - "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"); > + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" + > + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + > + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + > + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}"); > > /** > * @see #setProtocolHeader(String) > > Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1549524&r1=1549523&r2=1549524&view=diff > ============================================================================== > --- tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original) > +++ tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Mon Dec > 9 09:48:42 2013 
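Review bot: The three `172\\.` alternatives appended to the default internal-proxies pattern in this hunk (and in the matching RemoteIpValve hunk at `@@ -406,7 +409,10`) widen the set of peers trusted by default, and neither the new code nor its Javadoc tells an operator that upgrading moves that trust boundary. Any host in 172.16/12 that can reach the connector directly would presumably now be treated as an internal proxy, so the client address it supplies in the `remoteIpHeader` is accepted. That range is commonly used for container bridge networks and shared internal segments, where not every peer is a proxy. I would add a sentence to the Javadoc table entry such as `Hosts in these ranges are trusted to supply the remoteIpHeader; set internalProxies explicitly if untrusted clients share any of them.` and call the default change out in the changelog. The statement being changed starts above the hunk.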
> @@ -88,9 +88,12 @@ import org.apache.juli.logging.LogFactor > * <td>RemoteIPInternalProxy</td> > * <td>Regular expression (in the syntax supported by > * {@link java.util.regex.Pattern java.util.regex})</td> > - * > <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}<br/> > - * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; > 172.16/12 has not been enabled by default because it is complex to > - * describe with regular expressions</td> > + * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}| > + * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}| > + * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}| > + * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} > + * <br/> > + * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are > allowed.</td> > * </tr> > * </tr> > * <tr> > @@ -406,7 +409,10 @@ public class RemoteIpValve extends Valve > "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" + > "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" + > "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" + > - "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"); > + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" + > + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + > + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + > + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}"); > > /** > * @see #setProtocolHeader(String) > > Modified: tomcat/trunk/webapps/docs/config/filter.xml > URL: > http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1549524&r1=1549523&r2=1549524&view=diff > ============================================================================== > --- tomcat/trunk/webapps/docs/config/filter.xml (original) > +++ tomcat/trunk/webapps/docs/config/filter.xml Mon Dec 9 09:48:42 2013 
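Review bot: The /12 boundary is encoded by hand in the three added alternatives of the `@@ -406,7 +409,10` hunk and again in RemoteIpFilter, and the commit's list of modified files contains no test that pins it. The alternatives as written cover second octets 16 through 31 only, but a later edit that slips by one would extend default proxy trust to public address space on either side of the range. A small test asserting that both defaults match `172.16.0.1` and `172.31.255.254` and reject `172.15.0.1` and `172.32.0.1` would guard that, and could also assert that the Filter and Valve defaults are identical. The statement being changed starts above the hunk.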
> @@ -1202,7 +1202,7 @@ FINE: Request "/docs/config/manager.html > Internal proxies that appear in the <strong>remoteIpHeader</strong> > will > be trusted and will not appear in the <strong>proxiesHeader</strong> > value. If not specified the default value of <code> > - > 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3} > + > 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} > </code> will be used.</p> > </attribute> > > > Modified: tomcat/trunk/webapps/docs/config/valve.xml > URL: > http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1549524&r1=1549523&r2=1549524&view=diff > ============================================================================== > --- tomcat/trunk/webapps/docs/config/valve.xml (original) > +++ tomcat/trunk/webapps/docs/config/valve.xml Mon Dec 9 09:48:42 2013 
> @@ -1296,7 +1296,7 @@ > Internal proxies that appear in the <strong>remoteIpHeader</strong> > will > be trusted and will not appear in the <strong>proxiesHeader</strong> > value. If not specified the default value of <code> > - > 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3} > + > 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} > </code> will be used.</p> > </attribute>