https://issues.apache.org/bugzilla/show_bug.cgi?id=56181
Bug ID: 56181
Summary: RemoteIpValve & RemoteIpFilter:
HttpServletRequest.getRemoteHost() returns IP instead
of hostname with enableLookups=true and
x-forwarded-for header
Product: Tomcat 7
Version: 7.0.52
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: yann...@gmail.com
When clients connect to Tomcat through a proxy or load balancer that adds a
remoteIpHeader (eg. "x-forwarded-for") and the attribute "enableLookups" is set
to "true", the expected behavior is that hostname of the clients is resolved by
Tomcat.
However it is not, if the method getRemoteHost() is called on a
HttpServletRequest object, the IP is always returned, not the hostname.
In the classes org.apache.catalina.valves.RemoteIpValve and
org.apache.catalina.filters.RemoteIpFilter we see that the IP is set to the
Hostname field without any option to do the reverse DNS lookup:
request.setRemoteAddr(remoteIp);
request.setRemoteHost(remoteIp);
Instead the pseudo code could be something like:
request.setRemoteAddr(remoteIp);
if(enableRemoteIpLookups == true){
request.setRemoteHost(InetAddress.getByName(remoteIp).getHostName());
}
Perhaps, instead of using "enableLookups" to indicate the reverse DNS lookup
wants to be done for requests passing through a proxy it should be better to
have a new Tomcat attribute for this (like enableRemoteIpLookups), because
perhaps you do not want to lookups of the proxies IP but just the remoteIp
(x-forwarded-for).
Note, this issue applies also to Tomcat 8.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
