https://bz.apache.org/bugzilla/show_bug.cgi?id=57926
Bug ID: 57926
Summary: RemoteIpValve: resetting the RemoteAddr, but not the
X-Forwarded-For Header causes information loss
Product: Tomcat 8
Version: 8.0.22
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
After processing the request, the RemoteIPValve resets the RemoteAddr to its
original value. The Header Fields X-Forwarded-By and X-Forwarded-For, that may
have also been changed will not be reset to their original values.
This leads to an inconsistent state of the request after processing:
Before:
RemoteAddr: 192.168.1.1
X-Forwarded-For: 88.77.66.55
After:
RemoteAddr: 192.168.1.1
X-Forwarded-For: null
So, the information that is probably most valuable to me is now neither in the
RemoteAddr, nor in the X-Forwarded-For header. This may cause problems, because
Access Logging is done after request processing. Depending on your logging
config, the True Client IP will be completly lost from the logs.
A workaround may be to set requestAttributesEnabled=true and log those
attributes.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
