tomcat-users mailing list archives

From "Harrie Robins" <har...@eyequestion.nl>
Subject internalProxies regex
Date Wed, 20 Dec 2017 08:37:36 GMT
Hello everyone,

 

I have a question about the RemoteIpValve in Tomcat 8.5:
https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/RemoteIpValve.html

 


internalProxies

Regular expression that matches the IP addresses of internal proxies. If
they appear in the remoteIpHeader value, they will be trusted and will not
appear in the proxiesHeader value

RemoteIPInternalProxy

Regular expression (in the syntax supported by java.util.regex)

10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|
169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|
172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|
172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} 
By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed.

 

I need to convert some CIDR ranges to regex:


My concern is that /d{1,3} will match too many (non-existent) addresses:

103\.21\.24\d[4-7]\.\d[0-9]\d{1,3}|103\.22\.20\d[0-3]\.\d[0-9]\d{1,3}|103\.31\.\d[4-7]\.\d[0-9]\d{1,3}

 

So I rewrote it using capture groups. The version below does not function, however, and I
assume it is due to the OR (|), which Tomcat will effectively see as a new entry?
So I tried escaping, but I cannot get it to work:

103\.21\.(2(4[4-7]))\.([0-9]\|[1-9][0-9]\|1([0-9][0-9])\|2([0-4][0-9]\|5[0-5]))|103\.22\.(2(0[0-3]))\.([0-9]\|[1-9][0-9]\|1([0-9][0-9])\|2([0-4][0-9]\|5[0-5]))

 

Any thoughts?

 

Thanks,

Harrie
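
Added example, not part of the original message and not Tomcat code: a generator that turns IPv4 CIDR blocks into an exact pattern for internalProxies, so that only real octet values 0-255 inside each block match. Assumptions: the two sample blocks are inferred from the octet ranges in the message's patterns, re.fullmatch stands in for a whole-string match, and the emitted syntax (character classes, \d, (?:...), |) is the subset shared by Python's re and java.util.regex.

```python
import ipaddress
import re

def _fixed(a: str, b: str) -> list[str]:
    """Alternatives matching every decimal string from a to b (same length)."""
    if a == b:
        return [a]
    if len(a) == 1:
        return [f"[{a}-{b}]"]
    if a[0] == b[0]:
        return [a[0] + p for p in _fixed(a[1:], b[1:])]
    k = len(a) - 1
    lo_d, hi_d, head, tail = int(a[0]), int(b[0]), [], []
    if a[1:] != "0" * k:   # partial block under the lowest leading digit
        head = [a[0] + p for p in _fixed(a[1:], "9" * k)]
        lo_d += 1
    if b[1:] != "9" * k:   # partial block under the highest leading digit
        tail = [b[0] + p for p in _fixed("0" * k, b[1:])]
        hi_d -= 1
    mid = []
    if lo_d <= hi_d:       # leading digits whose whole block is in range
        lead = str(lo_d) if lo_d == hi_d else f"[{lo_d}-{hi_d}]"
        mid = [lead + r"\d" * k]
    return head + mid + tail

def octet_regex(lo: int, hi: int) -> str:
    """Regex for one dotted-quad octet in lo..hi, without leading zeros."""
    alts = []
    for n in (1, 2, 3):    # handle 1-, 2- and 3-digit values separately
        a, b = max(lo, 10 ** (n - 1) if n > 1 else 0), min(hi, 10 ** n - 1)
        if a <= b:
            alts += _fixed(str(a), str(b))
    return alts[0] if len(alts) == 1 else "(?:" + "|".join(alts) + ")"

def cidr_to_regex(cidr: str) -> str:
    """Exact regex for an IPv4 CIDR block (rejects blocks with host bits set)."""
    net = ipaddress.IPv4Network(cidr)
    pairs = zip(net.network_address.packed, net.broadcast_address.packed)
    return r"\.".join(octet_regex(lo, hi) for lo, hi in pairs)

def internal_proxies(cidrs: list[str]) -> str:
    """Join per-block patterns into one internalProxies value."""
    return "|".join(cidr_to_regex(c) for c in cidrs)

# Constructed input: blocks inferred from the octet ranges in the message
# (244-247 and 200-203 in the third octet); adjust to your real proxy ranges.
SAMPLE = ["103.21.244.0/22", "103.22.200.0/22"]
PATTERN = re.compile(internal_proxies(SAMPLE), re.ASCII)

if __name__ == "__main__":
    print(PATTERN.pattern)
```

When the printed pattern is placed in an XML attribute in server.xml, the | characters are plain literals and need no backslash.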

 

