tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <>
Subject Re: [PATCH]: X-Forwarded-For support
Date Fri, 11 Dec 2009 22:41:31 GMT
Brane F. Gra─Źnar wrote:
> Hello :)
> This patch adds support for X-Forwarded-For (or any other) http request header 
> holding ip address of real client so that request.getRemoteAddr() return 
> correct address if tomcat is running behind apache or any other reverse http 
> proxy.

Note you can't simply trust XFF, because anyone can present any information
in this field.  There are a number of solutions, most routers elect a different
header for forwarding IP addresses, while the httpd mod_remoteip handles this
with a trust list of known reliable agents.

Also you have a protocol problem, XFF is not a single entry, but a list ;-)

See for the httpd

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message