tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: [PATCH]: X-Forwarded-For support
Date Fri, 11 Dec 2009 22:41:31 GMT
Brane F. Gra─Źnar wrote:
> Hello :)
> 
> This patch adds support for X-Forwarded-For (or any other) http request header 
> holding ip address of real client so that request.getRemoteAddr() return 
> correct address if tomcat is running behind apache or any other reverse http 
> proxy.

Note you can't simply trust XFF, because anyone can present any information
in this field.  There are a number of solutions, most routers elect a different
header for forwarding IP addresses, while the httpd mod_remoteip handles this
with a trust list of known reliable agents.

Also you have a protocol problem, XFF is not a single entry, but a list ;-)

See http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html for the httpd
equivalent.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message