|
Lines 624-629
Link Here
|
| 624 |
</section> |
624 |
</section> |
| 625 |
|
625 |
|
| 626 |
|
626 |
|
|
|
627 |
<section name="Remote IP Valve"> |
| 628 |
|
| 629 |
<subsection name="Introduction"> |
| 630 |
|
| 631 |
<p>Tomcat port of |
| 632 |
<a href="http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html">mod_remoteip</a>, |
| 633 |
this valve replaces the apparent client remote IP address and hostname for |
| 634 |
the request with the IP address list presented by a proxy or a load balancer |
| 635 |
via a request headers (e.g. "X-Forwarded-For").</p> |
| 636 |
|
| 637 |
<p>Another feature of this valve is to replace the apparent scheme |
| 638 |
(http/https) and server port with the scheme presented by a proxy or a load |
| 639 |
balancer via a request header (e.g. "X-Forwarded-Proto").</p> |
| 640 |
|
| 641 |
<p>This Valve may be used at the <code>Engine</code>, <code>Host</code> or |
| 642 |
<code>Context</code> level as required. Normally, this Valve would be used |
| 643 |
at the <code>Engine</code> level.</p> |
| 644 |
|
| 645 |
</subsection> |
| 646 |
|
| 647 |
<subsection name="Attributes"> |
| 648 |
|
| 649 |
<p>The <strong>Remote IP Valve</strong> supports the |
| 650 |
following configuration attributes:</p> |
| 651 |
|
| 652 |
<attributes> |
| 653 |
|
| 654 |
<attribute name="className" required="true"> |
| 655 |
<p>Java class name of the implementation to use. This MUST be set to |
| 656 |
<strong>org.apache.catalina.valves.RemoteIpValve</strong>.</p> |
| 657 |
</attribute> |
| 658 |
|
| 659 |
<attribute name="remoteIPHeader" required="false"> |
| 660 |
<p>Name of the HTTP Header read by this valve that holds the list of |
| 661 |
traversed IP addresses starting from the requesting client. If not |
| 662 |
specified, the default of <code>x-forwarded-for</code> is used.</p> |
| 663 |
</attribute> |
| 664 |
|
| 665 |
<attribute name="internalProxies" required="false"> |
| 666 |
<p>List of internal proxies' IP addresses as comma separated regular |
| 667 |
expressions. If they appear in the <strong>remoteIpHeader</strong> |
| 668 |
value, they will be trusted and will not appear in the |
| 669 |
<strong>proxiesHeader</strong> value. If not specified the default value |
| 670 |
of <code>10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, |
| 671 |
169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3}</code> will |
| 672 |
be used.</p> |
| 673 |
</attribute> |
| 674 |
|
| 675 |
<attribute name="proxiesHeader" required="false"> |
| 676 |
<p>Name of the HTTP header created by this valve to hold the list of |
| 677 |
proxies that have been processed in the incoming |
| 678 |
<strong>remoteIpHeader</strong>. If not specified, the default of |
| 679 |
<code>x-forwarded-by</code> is used.</p> |
| 680 |
</attribute> |
| 681 |
|
| 682 |
<attribute name="trustedProxies" required="false"> |
| 683 |
<p>List of trusted proxies' IP addresses as comma separated regular |
| 684 |
expressions. If they appear in the <strong>remoteIpHeader</strong> |
| 685 |
value, they will be trusted and will appear in the |
| 686 |
<strong>proxiesHeader</strong> value. If not specified, no proxies will |
| 687 |
be trusted.</p> |
| 688 |
</attribute> |
| 689 |
|
| 690 |
<attribute name="protocolHeader" required="false"> |
| 691 |
<p>Name of the HTTP Header read by this valve that holds the protocol |
| 692 |
used by the client to connect to the proxy. If not specified, the |
| 693 |
default of <code>null</code> is used.</p> |
| 694 |
</attribute> |
| 695 |
|
| 696 |
<attribute name="protocolHeaderHttpsValue" required="false"> |
| 697 |
<p>Value of the <strong>protocolHeader</strong> to indicate that it is |
| 698 |
an HTTPS request. If not specified, the default of <code>https</code> is |
| 699 |
used.</p> |
| 700 |
</attribute> |
| 701 |
|
| 702 |
</attributes> |
| 703 |
|
| 704 |
</subsection> |
| 705 |
|
| 706 |
</section> |
| 707 |
|
| 708 |
|
| 627 |
</body> |
709 |
</body> |
| 628 |
|
710 |
|
| 629 |
|
711 |
|