tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: RemoteIpValve advices
Date Mon, 31 Jan 2011 17:15:02 GMT
On 29/01/2011 19:07, Henri Gomez wrote:
> host: localhost:8080
> accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
> accept-encoding: gzip,deflate,sdch
> accept-language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
> cookie: _chartbeat2=jf6k6glwwlc9huuy
> user-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US)
> AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237
> Safari/534.10
> x-forwarded-for: 1.2.3.4, 10.122.47.36
> x-forwarded-port: 80
> x-forwarded-proto: http
> x-forwarded-host: exoide.elasticbeanstalk.com
> x-forwarded-server: domU-12-31-38-00-B2-08.compute-1.internal
> connection: Keep-Alive
> 
> Notice x-forwarded-host, x-forwarded-port and x-forwarded-for
> 
> remoteAddr/Host should be grabbed from first entry in x-forwarded-for,
> ie 1.2.3.4

RemoteIpFilter/Valve should handle that

> serverName/serverPort get from x-forwarded-host/x-forwarded-port

As I think about this more, I can see valid use cases for this where the
alternatives (proxyPort/proxyHost on the connector, ProxyPreserveHost
On, etc.) may not be the best solution so +1 for this flexibility being
added to the RemoteIpFilter/Valve.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message