[Bug 64632] Unable to use my third party signed ssl certificate in tomcate server.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64632

Michael Osipov changed:

What|Removed|Added
Status|NEW|RESOLVED
Resolution|---|INVALID
OS||All

--- Comment #1 from Michael Osipov ---
Questions go to the users mailing list, not Bugzilla.

--
You are receiving this mail because:
You are the assignee for the bug.
- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] stokito edited a comment on pull request #325: BZ 64265 Fix and simplify weak ETag matching
stokito edited a comment on pull request #325:
URL: https://github.com/apache/tomcat/pull/325#issuecomment-661298600

At least three times faster because it creates less memory garbage. For two comma-separated ETags it may work 10 times faster.
Here is a benchmark with results: https://gist.github.com/stokito/a82eed1aef6ad965e2a279825f1c3420
I tested with forced GC between tests to compare just CPU time.
Note that this comparison is performed for each request.

This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[Bug 64265] ETag comparison does not properly implement RFC 7232, section 2.3.2
https://bz.apache.org/bugzilla/show_bug.cgi?id=64265

--- Comment #7 from Sergey Ponomarev ---
We also should implement weak match for If-None-Match.
I created a PR with the fix: https://github.com/apache/tomcat/pull/325
[GitHub] [tomcat] stokito commented on pull request #325: BZ 64265 Fix and simplify weak ETag matching
stokito commented on pull request #325:
URL: https://github.com/apache/tomcat/pull/325#issuecomment-666382555

Ok, so Tomcat should do weak matching.
I changed the description of the PR and added commits. Now this is a bug fix, and the simplification is only in the last commit.
You can merge everything except the last commit d4831ba.

Since the matching logic is now even more complicated, I updated the benchmark: https://gist.github.com/stokito/a82eed1aef6ad965e2a279825f1c3420
But more important is that it just looks simpler.
[GitHub] [tomcat] stokito commented on pull request #325: BZ 64265 Fix and simplify weak ETag matching
stokito commented on pull request #325:
URL: https://github.com/apache/tomcat/pull/325#issuecomment-666445794

I added another two commits with performance optimization.
Given the nature of ETags that Tomcat generates itself I made some priority to check ETag:
1. Full match (what we normally expect)
2. Weak match
3. Asterisk match (not sure who ever used it)
[GitHub] [tomcat] stokito edited a comment on pull request #325: BZ 64265 Fix and simplify weak ETag matching
stokito edited a comment on pull request #325:
URL: https://github.com/apache/tomcat/pull/325#issuecomment-666445794

I added another two commits with performance optimization.
Given the nature of ETags that Tomcat generates itself I made some priority to check ETag:
1. Strict comparison (what we normally expect)
2. Weak comparison
3. Asterisk (not sure who ever used it)
[Bug 64634] RemoteIpValve support x-forwarded-for header with port (Azure)
https://bz.apache.org/bugzilla/show_bug.cgi?id=64634

--- Comment #1 from cst...@ephibian.com ---
Documentation on Azure application gateway headers:
https://docs.microsoft.com/en-us/azure/application-gateway/how-application-gateway-works#modifications-to-the-request
[Bug 64634] New: RemoteIpValve support x-forwarded-for header with port (Azure)
https://bz.apache.org/bugzilla/show_bug.cgi?id=64634

Bug ID: 64634
Summary: RemoteIpValve support x-forwarded-for header with port (Azure)
Product: Tomcat 9
Version: 9.0.x
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: cst...@ephibian.com
Target Milestone: -

I attempted to enable the RemoteIpValve for a server hosted in Azure behind an ApplicationGateway. The ApplicationGateway creates an x-forwarded-for header value as : instead of just . The RemoteIpValve can't parse this, so it fails to work.

It is not super clear to me if this is an abuse of the x-forwarded-for spec by Azure or not. But it would be nice if RemoteIpValve could be enhanced to support this.
[GitHub] [tomcat] stokito commented on pull request #325: BZ 64265 Fix and simplify weak ETag matching
stokito commented on pull request #325:
URL: https://github.com/apache/tomcat/pull/325#issuecomment-45463

OMG you're right, they differ:

> An origin server MUST use the strong comparison function when comparing entity-tags for If-Match (Section 2.3.2), since the client intends this precondition to prevent the method from being applied if there have been any changes to the representation data.

> A recipient MUST use the weak comparison function when comparing entity-tags for If-None-Match (Section 2.3.2), since weak entity-tags can be used for cache validation even if there have been changes to the representation data.

But what is funny is that in Tomcat, on the contrary, `If-Match` is *weak* while `If-None-Match` is *strong*.
I'll fix that and update the PR.
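The two comparison functions of RFC 7232 section 2.3.2 quoted in the comment above, applied to `If-Match` (strong) and `If-None-Match` (weak), as an added example that is not the PR's or Tomcat's code. The class and method names and the sample tags are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration of RFC 7232 section 2.3.2; not Tomcat's implementation.
public class EntityTagMatch {

    /** Strong comparison: neither tag is weak and both are identical. */
    static boolean strongEquals(String a, String b) {
        return !a.startsWith("W/") && !b.startsWith("W/") && a.equals(b);
    }

    /** Weak comparison: opaque-tags are identical once any W/ prefix is dropped. */
    static boolean weakEquals(String a, String b) {
        return opaque(a).equals(opaque(b));
    }

    private static String opaque(String tag) {
        return tag.startsWith("W/") ? tag.substring(2) : tag;
    }

    /** Splits a header value on commas that lie outside the quoted opaque-tag. */
    static List<String> parseList(String headerValue) {
        List<String> tags = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean inQuotes = false;
        // A trailing comma flushes the last tag; an unterminated quote drops it.
        for (char c : (headerValue + ",").toCharArray()) {
            if (c == '"') {
                inQuotes = !inQuotes;
            }
            if (c == ',' && !inQuotes) {
                String tag = cur.toString().trim();
                if (!tag.isEmpty()) {
                    tags.add(tag);
                }
                cur.setLength(0);
            } else {
                cur.append(c);
            }
        }
        return tags;
    }

    /** If-Match: true when the request may proceed (a strong match is required). */
    static boolean ifMatchPasses(String header, String currentETag) {
        if (currentETag == null) {
            return false; // no current representation, nothing can match
        }
        if (header.trim().equals("*")) {
            return true;
        }
        for (String tag : parseList(header)) {
            if (strongEquals(tag, currentETag)) {
                return true;
            }
        }
        return false;
    }

    /** If-None-Match: true when the request may proceed (no weak match found). */
    static boolean ifNoneMatchPasses(String header, String currentETag) {
        if (currentETag == null) {
            return true;
        }
        if (header.trim().equals("*")) {
            return false;
        }
        for (String tag : parseList(header)) {
            if (weakEquals(tag, currentETag)) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        String current = "W/\"a,b\"";       // constructed sample: weak tag containing a comma
        String header = "\"x\", W/\"a,b\""; // constructed request header value
        System.out.println("parsed tags:       " + parseList(header));
        System.out.println("If-Match passes:   " + ifMatchPasses(header, current));
        System.out.println("If-None-Match passes: " + ifNoneMatchPasses(header, current));
    }
}
```

With a weak current tag the `If-Match` precondition can never hold, which is what keeps a conditional write from being applied to a representation that may have changed.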
[GitHub] [tomcat] isapir commented on a change in pull request #327: Slight ui modifications
isapir commented on a change in pull request #327: URL: https://github.com/apache/tomcat/pull/327#discussion_r463257146 ## File path: java/org/apache/catalina/manager/Constants.java ## @@ -39,38 +39,65 @@ "\n" + "
[Bug 64634] RemoteIpValve support x-forwarded-for header with port (Azure)
https://bz.apache.org/bugzilla/show_bug.cgi?id=64634

--- Comment #2 from Christopher Schultz ---
Is it supplying X-Forwarded-For or X-Forwarded-Host?

X-Forwarded-For should contain the IP address of the client, and having their port number (some random high-numbered port, likely) is pretty useless.

Looks like Microsoft just went ahead and made up their own standard for how these things are done, rather than following established norms[*]. They've also invented some new things: X-Forwarded-Port (??) and X-Original-Host (why not X-Forwarded-Host?).

[*] Okay, fine, so Squid invented this stuff and there is no RFC, etc. defining it, but if all other proxies agree on how to do this, why does Azure have to change everything? >:/
[Bug 64634] RemoteIpValve support x-forwarded-for header with port (Azure)
https://bz.apache.org/bugzilla/show_bug.cgi?id=64634

--- Comment #3 from Christopher Schultz ---
(In reply to cstuhr from comment #0)
> The RemoteIpValve can't parse this, so it fails to work.

Do you get an error, or just a failure to operate as expected? If an error, please post that. In either case, please post your configuration (use fictional IPs if you want to protect your info).
[tomcat] branch master updated: Add test including port numbers in various places.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new eed9426 Add test including port numbers in various places. eed9426 is described below commit eed94263926e6fba061ed4a56e961b2aab1b17df Author: Christopher Schultz AuthorDate: Thu Jul 30 17:25:05 2020 -0400 Add test including port numbers in various places. --- .../apache/catalina/valves/TestRemoteIpValve.java | 56 ++ 1 file changed, 56 insertions(+) diff --git a/test/org/apache/catalina/valves/TestRemoteIpValve.java b/test/org/apache/catalina/valves/TestRemoteIpValve.java index 5fc43f9..036cf1a 100644 --- a/test/org/apache/catalina/valves/TestRemoteIpValve.java +++ b/test/org/apache/catalina/valves/TestRemoteIpValve.java 
@@ -1133,6 +1133,62 @@ public class TestRemoteIpValve { request.getAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE)); } +@Test +public void testRequestForwardedForWithPortNumber() throws Exception { + +// PREPARE +RemoteIpValve remoteIpValve = new RemoteIpValve(); +RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); +remoteIpValve.setNext(remoteAddrAndHostTrackerValve); + +Request request = new MockRequest(); +request.setCoyoteRequest(new org.apache.coyote.Request()); +// client ip +request.setRemoteAddr("192.168.0.10"); +request.setRemoteHost("192.168.0.10"); + request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130:1234"); +// protocol +request.setServerPort(8080); +request.getCoyoteRequest().scheme().setString("http"); + +// TEST +remoteIpValve.invoke(request, null); + +// VERIFY + +Assert.assertEquals("140.211.11.130:1234", remoteAddrAndHostTrackerValve.getRemoteAddr()); + } + +@Test +public void testRequestForwardedForWithProxyPortNumber() throws Exception { + +// PREPARE +RemoteIpValve remoteIpValve = new RemoteIpValve(); +//remoteIpValve.setRemoteIpHeader("x-forwarded-for"); +//remoteIpValve.setProtocolHeader("x-forwarded-proto"); +RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); +remoteIpValve.setNext(remoteAddrAndHostTrackerValve); + +Request request = new MockRequest(); +request.setCoyoteRequest(new org.apache.coyote.Request()); +// client ip +request.setRemoteAddr("192.168.0.10"); +request.setRemoteHost("192.168.0.10"); +// Trust c.d +remoteIpValve.setTrustedProxies("foo\\.bar:123"); + request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130:1234, foo.bar:123"); +// protocol +request.setServerPort(8080); +request.getCoyoteRequest().scheme().setString("http"); + +// TEST +remoteIpValve.invoke(request, null); + +// VERIFY + +Assert.assertEquals("140.211.11.130:1234", 
remoteAddrAndHostTrackerValve.getRemoteAddr()); + } + private void assertArrayEquals(String[] expected, String[] actual) { if (expected == null) { Assert.assertNull(actual);
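Review bot: In testRequestForwardedForWithPortNumber the VERIFY assertion expects getRemoteAddr() to return "140.211.11.130:1234", port included, so the test records pass-through of the port as the intended behaviour. If the valve is meant to hand a bare IP to downstream address checks and access logs, assert "140.211.11.130" instead; if keeping the port is deliberate, say so in a comment next to the assertion so the expectation is not mistaken for an oversight.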
[Bug 64634] RemoteIpValve support x-forwarded-for header with port (Azure)
https://bz.apache.org/bugzilla/show_bug.cgi?id=64634

Christopher Schultz changed:

What|Removed|Added
Status|NEW|NEEDINFO

--- Comment #4 from Christopher Schultz ---
I just added two new unit tests to the RemoteIPValve which include port numbers in X-Forwarded-For and "trusted proxies" and it seems to be working as I would expect it to work.

I haven't tried this in any live configuration, though.
[tomcat] branch 9.0.x updated: Add test including port numbers in various places.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 6632954 Add test including port numbers in various places. 6632954 is described below commit 6632954ae42d990a0040a728239537f4ed9f87d2 Author: Christopher Schultz AuthorDate: Thu Jul 30 17:25:05 2020 -0400 Add test including port numbers in various places. --- .../apache/catalina/valves/TestRemoteIpValve.java | 56 ++ 1 file changed, 56 insertions(+) diff --git a/test/org/apache/catalina/valves/TestRemoteIpValve.java b/test/org/apache/catalina/valves/TestRemoteIpValve.java index 644f229..5974fc6 100644 --- a/test/org/apache/catalina/valves/TestRemoteIpValve.java +++ b/test/org/apache/catalina/valves/TestRemoteIpValve.java 
@@ -1133,6 +1133,62 @@ public class TestRemoteIpValve { request.getAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE)); } +@Test +public void testRequestForwardedForWithPortNumber() throws Exception { + +// PREPARE +RemoteIpValve remoteIpValve = new RemoteIpValve(); +RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); +remoteIpValve.setNext(remoteAddrAndHostTrackerValve); + +Request request = new MockRequest(); +request.setCoyoteRequest(new org.apache.coyote.Request()); +// client ip +request.setRemoteAddr("192.168.0.10"); +request.setRemoteHost("192.168.0.10"); + request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130:1234"); +// protocol +request.setServerPort(8080); +request.getCoyoteRequest().scheme().setString("http"); + +// TEST +remoteIpValve.invoke(request, null); + +// VERIFY + +Assert.assertEquals("140.211.11.130:1234", remoteAddrAndHostTrackerValve.getRemoteAddr()); + } + +@Test +public void testRequestForwardedForWithProxyPortNumber() throws Exception { + +// PREPARE +RemoteIpValve remoteIpValve = new RemoteIpValve(); +//remoteIpValve.setRemoteIpHeader("x-forwarded-for"); +//remoteIpValve.setProtocolHeader("x-forwarded-proto"); +RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); +remoteIpValve.setNext(remoteAddrAndHostTrackerValve); + +Request request = new MockRequest(); +request.setCoyoteRequest(new org.apache.coyote.Request()); +// client ip +request.setRemoteAddr("192.168.0.10"); +request.setRemoteHost("192.168.0.10"); +// Trust c.d +remoteIpValve.setTrustedProxies("foo\\.bar:123"); + request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130:1234, foo.bar:123"); +// protocol +request.setServerPort(8080); +request.getCoyoteRequest().scheme().setString("http"); + +// TEST +remoteIpValve.invoke(request, null); + +// VERIFY + +Assert.assertEquals("140.211.11.130:1234", 
remoteAddrAndHostTrackerValve.getRemoteAddr()); + } + private void assertArrayEquals(String[] expected, String[] actual) { if (expected == null) { Assert.assertNull(actual);
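Review bot: In testRequestForwardedForWithProxyPortNumber the comment "// Trust c.d" does not describe the pattern actually passed to setTrustedProxies ("foo\\.bar:123"), and the two commented-out calls to setRemoteIpHeader and setProtocolHeader are dead code. Change the comment to name foo.bar:123 and delete the commented-out lines, so the test states exactly which proxy entry it trusts.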
[tomcat] branch 8.5.x updated: Add test including port numbers in various places.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 74298d4 Add test including port numbers in various places. 74298d4 is described below commit 74298d4e7dce1723fd7e9b57af6b4bd7a097b212 Author: Christopher Schultz AuthorDate: Thu Jul 30 17:25:05 2020 -0400 Add test including port numbers in various places. --- .../apache/catalina/valves/TestRemoteIpValve.java | 56 ++ 1 file changed, 56 insertions(+) diff --git a/test/org/apache/catalina/valves/TestRemoteIpValve.java b/test/org/apache/catalina/valves/TestRemoteIpValve.java index d2f7040..a428ba7 100644 --- a/test/org/apache/catalina/valves/TestRemoteIpValve.java +++ b/test/org/apache/catalina/valves/TestRemoteIpValve.java 
@@ -1128,6 +1128,62 @@ public class TestRemoteIpValve { request.getAttribute(Globals.REQUEST_FORWARDED_ATTRIBUTE)); } +@Test +public void testRequestForwardedForWithPortNumber() throws Exception { + +// PREPARE +RemoteIpValve remoteIpValve = new RemoteIpValve(); +RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); +remoteIpValve.setNext(remoteAddrAndHostTrackerValve); + +Request request = new MockRequest(); +request.setCoyoteRequest(new org.apache.coyote.Request()); +// client ip +request.setRemoteAddr("192.168.0.10"); +request.setRemoteHost("192.168.0.10"); + request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130:1234"); +// protocol +request.setServerPort(8080); +request.getCoyoteRequest().scheme().setString("http"); + +// TEST +remoteIpValve.invoke(request, null); + +// VERIFY + +Assert.assertEquals("140.211.11.130:1234", remoteAddrAndHostTrackerValve.getRemoteAddr()); + } + +@Test +public void testRequestForwardedForWithProxyPortNumber() throws Exception { + +// PREPARE +RemoteIpValve remoteIpValve = new RemoteIpValve(); +//remoteIpValve.setRemoteIpHeader("x-forwarded-for"); +//remoteIpValve.setProtocolHeader("x-forwarded-proto"); +RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); +remoteIpValve.setNext(remoteAddrAndHostTrackerValve); + +Request request = new MockRequest(); +request.setCoyoteRequest(new org.apache.coyote.Request()); +// client ip +request.setRemoteAddr("192.168.0.10"); +request.setRemoteHost("192.168.0.10"); +// Trust c.d +remoteIpValve.setTrustedProxies("foo\\.bar:123"); + request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-for").setString("140.211.11.130:1234, foo.bar:123"); +// protocol +request.setServerPort(8080); +request.getCoyoteRequest().scheme().setString("http"); + +// TEST +remoteIpValve.invoke(request, null); + +// VERIFY + +Assert.assertEquals("140.211.11.130:1234", 
remoteAddrAndHostTrackerValve.getRemoteAddr()); + } + private void assertArrayEquals(String[] expected, String[] actual) { if (expected == null) { Assert.assertNull(actual);
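Review bot: Both new tests assert only getRemoteAddr(), so in the proxy case nothing verifies that the trusted hop "foo.bar:123" was actually consumed from the x-forwarded-for value "140.211.11.130:1234, foo.bar:123". Add assertions on the remote host and on the x-forwarded-for header left on the request after invoke, so the test fails if the port-qualified proxy entry stops matching the trusted-proxies pattern.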
[GitHub] [tomcat] stokito commented on pull request #325: BZ 64265 Fix and simplify weak ETag matching
stokito commented on pull request #325:
URL: https://github.com/apache/tomcat/pull/325#issuecomment-666732691

@michael-o now I fixed, please review
[GitHub] [tomcat] stokito commented on pull request #324: Change ETag format to Nginx like
stokito commented on pull request #324:
URL: https://github.com/apache/tomcat/pull/324#issuecomment-666735779

Well, as far as I can tell it's quite safe to change the ETag generation schema.
After the update some servers may receive a spike because all files will be re-downloaded. Also, some integration tests that compare the raw HTTP response may fail.
Apache HTTPD just changed their ETag schema in v2.4 and I didn't find any mentioned problems that users had.

Anyway, the idea to make the ETag schema configurable and do the refactoring is wise. I'll try to implement this.
[GitHub] [tomcat] michael-o commented on pull request #325: BZ 64265 Fix and simplify weak ETag matching
michael-o commented on pull request #325:
URL: https://github.com/apache/tomcat/pull/325#issuecomment-666737304

Will do tomorrow.
[Bug 64634] RemoteIpValve support x-forwarded-for header with port (Azure)
https://bz.apache.org/bugzilla/show_bug.cgi?id=64634

--- Comment #5 from cst...@ephibian.com ---
Yeah, sorry for the mixup. I had initially tried to get this to work a year ago and recalled seeing an error then, but I can't seem to replicate it again now. I had just done a quick test of it again to verify before posting this ticket. I was expecting to see the IP address change in the Access log %a variable, which it didn't.

Well, apparently in order to see the effect of the RemoteIpValve in the Access Log, you have to set requestAttributesEnabled="true" on the AccessLogValve.

So now I'm seeing %a change to : from the X-Forwarded-For header. However the IP from request.getRemoteAddr() hasn't changed.

I'm a little surprised to see the port still part of it, because this bit of code in RemoteIpValve would seem to strip it:

    int portIndex = Host.parse(hostHeaderValue);
    if (portIndex > -1) {
        log.debug(sm.getString("remoteIpValve.invalidHostWithPort", hostHeaderValue, hostHeader));
        hostHeaderValue = hostHeaderValue.substring(0, portIndex);
    }

I'll continue investigating what/where the root issue is.
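A sketch of stripping the port from X-Forwarded-For entries before a right-to-left trusted-proxy scan, the case this bug is about; it is an added example, not RemoteIpValve's code. The class name, method names and the trusted-proxy pattern are assumptions, and the addresses are constructed samples reusing values from the tests above.

```java
import java.util.regex.Pattern;

// Added illustration; not Tomcat's RemoteIpValve implementation.
public class ForwardedForWithPort {

    /** Removes an optional port: "1.2.3.4:1234", "[2001:db8::1]:443"; bare IPv6 is left alone. */
    static String stripPort(String entry) {
        String e = entry.trim();
        if (e.startsWith("[")) {                 // bracketed IPv6, optionally followed by :port
            int close = e.indexOf(']');
            return close > 0 ? e.substring(1, close) : e;
        }
        int first = e.indexOf(':');
        if (first > -1 && first == e.lastIndexOf(':')) {
            return e.substring(0, first);        // exactly one colon: address:port
        }
        return e;                                // no colon, or unbracketed IPv6
    }

    /**
     * Returns the address to treat as the client. The header is only honoured
     * when the directly connected peer is itself a trusted proxy, because any
     * client can send its own X-Forwarded-For value.
     */
    static String clientAddress(String peerAddr, String xff, Pattern trusted) {
        if (xff == null || !trusted.matcher(peerAddr).matches()) {
            return peerAddr;
        }
        String[] hops = xff.split(",");
        // Scan from the hop nearest to us; the first untrusted one is the client.
        for (int i = hops.length - 1; i >= 0; i--) {
            String addr = stripPort(hops[i]);
            if (!addr.isEmpty() && !trusted.matcher(addr).matches()) {
                return addr;
            }
        }
        return peerAddr;                         // every listed hop was a trusted proxy
    }

    public static void main(String[] args) {
        // Assumed trust pattern for this example: the 192.168.0.x proxy tier.
        Pattern trusted = Pattern.compile("192\\.168\\.0\\.\\d{1,3}");

        // Constructed sample header values, with ports as an Azure-style gateway adds them.
        String[] samples = {
            "140.211.11.130:1234",
            "140.211.11.130:1234, 192.168.0.20:443",
            "[2001:db8::1]:50000, 192.168.0.20",
        };
        for (String xff : samples) {
            System.out.println(xff + " -> " + clientAddress("192.168.0.10", xff, trusted));
        }
        // Peer outside the trusted tier: the header is ignored.
        System.out.println(clientAddress("140.211.11.130", "10.0.0.1", trusted));
    }
}
```

Stripping the port before matching matters for anything keyed on the client address: an "address:port" string will not match an IP-based allow list or trusted-proxy pattern written for bare addresses.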