Index: java/org/apache/catalina/valves/LocalStrings.properties =================================================================== --- java/org/apache/catalina/valves/LocalStrings.properties (revision 832078) +++ java/org/apache/catalina/valves/LocalStrings.properties (working copy) @@ -41,6 +41,9 @@ errorReportValve.note=note errorReportValve.rootCauseInLogs=The full stack trace of the root cause is available in the {0} logs. +# Remote IP valve +remoteIpValve.syntax=Invalid regular expressions [{0}] provided. + # HTTP status reports http.100=The client may continue ({0}). http.101=The server is switching protocols according to the "Upgrade" header ({0}). Index: java/org/apache/catalina/valves/mbeans-descriptors.xml =================================================================== --- java/org/apache/catalina/valves/mbeans-descriptors.xml (revision 832078) +++ java/org/apache/catalina/valves/mbeans-descriptors.xml (working copy) @@ -355,4 +355,41 @@ + + + + + + + + + + + + + + + Index: webapps/docs/config/valve.xml =================================================================== --- webapps/docs/config/valve.xml (revision 832078) +++ webapps/docs/config/valve.xml (working copy) @@ -624,6 +624,88 @@ +
+ + + +

Tomcat port of + mod_remoteip, + this valve replaces the apparent client remote IP address and hostname for + the request with the IP address list presented by a proxy or a load balancer + via a request headers (e.g. "X-Forwarded-For").

+ +

Another feature of this valve is to replace the apparent scheme + (http/https) and server port with the scheme presented by a proxy or a load + balancer via a request header (e.g. "X-Forwarded-Proto").

+ +

This Valve may be used at the Engine, Host or + Context level as required. Normally, this Valve would be used + at the Engine level.

+ +
+ + + +

The Remote IP Valve supports the + following configuration attributes:

+ + + + +

Java class name of the implementation to use. This MUST be set to + org.apache.catalina.valves.RemoteIpValve.

+
+ + +

Name of the HTTP Header read by this valve that holds the list of + traversed IP addresses starting from the requesting client. If not + specified, the default of x-forwarded-for is used.

+
+ + +

List of internal proxies' IP addresses as comma separated regular + expressions. If they appear in the remoteIpHeader + value, they will be trusted and will not appear in the + proxiesHeader value. If not specified the default value + of 10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, + 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3} will + be used.

+
+ + +

Name of the HTTP header created by this valve to hold the list of + proxies that have been processed in the incoming + remoteIpHeader. If not specified, the default of + x-forwarded-by is used.

+
+ + +

List of trusted proxies' IP addresses as comma separated regular + expressions. If they appear in the remoteIpHeader + value, they will be trusted and will appear in the + proxiesHeader value. If not specified, no proxies will + be trusted.

+
+ + +

Name of the HTTP Header read by this valve that holds the protocol + used by the client to connect to the proxy. If not specified, the + default of null is used.

+
+ + +

Value of the protocolHeader to indicate that it is + an HTTPS request. If not specified, the default of https is + used.

+
+ +
+ +
+ +
+ +
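Review bot: The new remoteIpValve.syntax message in the LocalStrings.properties hunk reports only the rejected expressions through {0}, not the attribute they came from. The valve.xml part of this patch documents two regex-list attributes, internalProxies and trustedProxies, so an administrator who sees "Invalid regular expressions [{0}] provided." in the log cannot tell which setting to correct. Consider a second placeholder carrying the attribute name, or one message key per attribute.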
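Review bot: In the valve.xml hunk, the internalProxies and trustedProxies descriptions say the values are "comma separated regular expressions" but do not say whether each expression must match the whole address or only part of it. These lists decide which entries of the remoteIpHeader are believed, so the matching rule should be stated explicitly; with partial matching, a default such as 10\.\d{1,3}\.\d{1,3}\.\d{1,3} would also accept an address like 110.1.2.3. It would also help to state that the header is client-supplied and only meaningful when requests reach Tomcat through the listed proxies. Smaller points in the same hunk: the introduction says the valve replaces the server port, yet none of the documented attributes sets a port; the default internalProxies list leaves out the 172.16.0.0/12 private range, which should be either added or called out; and "via a request headers" should read "via a request header".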