Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 80436 invoked from network); 31 Jan 2011 17:15:36 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 31 Jan 2011 17:15:36 -0000 Received: (qmail 91694 invoked by uid 500); 31 Jan 2011 17:15:36 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 91132 invoked by uid 500); 31 Jan 2011 17:15:33 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 91119 invoked by uid 99); 31 Jan 2011 17:15:33 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 31 Jan 2011 17:15:33 +0000 X-ASF-Spam-Status: No, hits=0.3 required=5.0 tests=URIBL_RHS_DOB X-Spam-Check-By: apache.org Received: from [140.211.11.9] (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with SMTP; Mon, 31 Jan 2011 17:15:32 +0000 Received: (qmail 80330 invoked by uid 99); 31 Jan 2011 17:15:12 -0000 Received: from localhost.apache.org (HELO [192.168.23.9]) (127.0.0.1) (smtp-auth username markt, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Mon, 31 Jan 2011 17:15:12 +0000 Message-ID: <4D46EE16.9030102@apache.org> Date: Mon, 31 Jan 2011 17:15:02 +0000 From: Mark Thomas User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-GB; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: Tomcat Developers List Subject: Re: RemoteIpValve advices References: <4D3D5F40.9030006@apache.org> <4D3FE4E1.3090502@apache.org> <4D404122.1070305@christopherschultz.net> <4D445E3D.5060805@apache.org> In-Reply-To: X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 29/01/2011 19:07, Henri Gomez wrote: > host: localhost:8080 > accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 > accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 > accept-encoding: gzip,deflate,sdch > accept-language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4 > cookie: _chartbeat2=jf6k6glwwlc9huuy > user-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) > AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 > Safari/534.10 > x-forwarded-for: 1.2.3.4, 10.122.47.36 > x-forwarded-port: 80 > x-forwarded-proto: http > x-forwarded-host: exoide.elasticbeanstalk.com > x-forwarded-server: domU-12-31-38-00-B2-08.compute-1.internal > connection: Keep-Alive > > Notice x-forwarded-host, x-forwarded-port and x-forwarded-for > > remoteAddr/Host should be grabbed from first entry in x-forwarded-for, > ie 1.2.3.4 RemoteIpFilter/Valve should handle that > serverName/serverPort get from x-forwarded-host/x-forwarded-port As I think about this more, I can see valid use cases for this where the alternatives (proxyPort/proxyHost on the connector, ProxyPreserveHost On, etc.) may not be the best solution so +1 for this flexibility being added to the RemoteIpFilter/Valve. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org