View | Details | Raw Unified | Return to bug 47330
Collapse All | Expand All

(-)java/org/apache/catalina/valves/LocalStrings.properties (+3 lines)
Lines 41-46 Link Here
41
errorReportValve.note=note
41
errorReportValve.note=note
42
errorReportValve.rootCauseInLogs=The full stack trace of the root cause is available in the {0} logs.
42
errorReportValve.rootCauseInLogs=The full stack trace of the root cause is available in the {0} logs.
43
43
44
# Remote IP valve
45
remoteIpValve.syntax=Invalid regular expressions [{0}] provided.
46
44
# HTTP status reports
47
# HTTP status reports
45
http.100=The client may continue ({0}).
48
http.100=The client may continue ({0}).
46
http.101=The server is switching protocols according to the "Upgrade" header ({0}).
49
http.101=The server is switching protocols according to the "Upgrade" header ({0}).
(-)java/org/apache/catalina/valves/mbeans-descriptors.xml (+37 lines)
Lines 355-358 Link Here
355
355
356
  </mbean>
356
  </mbean>
357
357
358
  <mbean name="RemoteIpValve"
359
         description="Valve that sets client information (eg IP address) based on data from a trusted proxy"
360
         domain="Catalina"
361
         group="Valve"
362
         type="org.apache.catalina.valves.RemoteIpValve">
363
    
364
    <attribute name="internalProxies"
365
               description="Comma delimited list of internal proxies"
366
               type="java.lang.String"
367
               writeable="false" />
368
               
369
    <attribute name="protocolHeader"
370
               description="The protocol header (e.g. &quot;X-Forwarded-Proto&quot;)"
371
               type="java.lang.String"
372
               writeable="false" />
373
               
374
    <attribute name="protocolHeaderHttpsValue"
375
               description="The value of the protocol header for incoming https request (e.g. &quot;https&quot;)"
376
               type="java.lang.String"
377
               writeable="false" />
378
               
379
    <attribute name="proxiesHeader"
380
               description="The proxies header name (e.g. &quot;X-Forwarded-By&quot;)"
381
               type="java.lang.String"
382
               writeable="false" />
383
               
384
    <attribute name="remoteIpHedaer"
385
               description="The remote IP header name (e.g. &quot;X-Forwarded-For&quot;)"
386
               type="java.lang.String"
387
               writeable="false" />
388
               
389
    <attribute name="trustedProxies"
390
               description="Comma delimited list of trusted proxies"
391
               type="java.lang.String"
392
               writeable="false" />
393
               
394
  </mbean>
358
</mbeans-descriptors>
395
</mbeans-descriptors>
(-)webapps/docs/config/valve.xml (+82 lines)
Lines 624-629 Link Here
624
</section>
624
</section>
625
625
626
626
627
<section name="Remote IP Valve">
628
629
  <subsection name="Introduction">
630
  
631
    <p>Tomcat port of
632
    <a href="http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html">mod_remoteip</a>,
633
    this valve replaces the apparent client remote IP address and hostname for
634
    the request with the IP address list presented by a proxy or a load balancer
635
    via a request headers (e.g. &quot;X-Forwarded-For&quot;).</p>
636
637
    <p>Another feature of this valve is to replace the apparent scheme
638
    (http/https) and server port with the scheme presented by a proxy or a load
639
    balancer via a request header (e.g. &quot;X-Forwarded-Proto&quot;).</p>
640
 
641
    <p>This Valve may be used at the <code>Engine</code>, <code>Host</code> or
642
    <code>Context</code> level as required. Normally, this Valve would be used
643
    at the <code>Engine</code> level.</p>
644
645
  </subsection>
646
647
  <subsection name="Attributes">
648
649
    <p>The <strong>Remote IP Valve</strong> supports the
650
    following configuration attributes:</p>
651
652
    <attributes>
653
654
      <attribute name="className" required="true">
655
        <p>Java class name of the implementation to use.  This MUST be set to
656
        <strong>org.apache.catalina.valves.RemoteIpValve</strong>.</p>
657
      </attribute>
658
659
      <attribute name="remoteIPHeader" required="false">
660
        <p>Name of the HTTP Header read by this valve that holds the list of
661
        traversed IP addresses starting from the requesting client. If not
662
        specified, the default of <code>x-forwarded-for</code> is used.</p>
663
      </attribute>
664
665
      <attribute name="internalProxies" required="false">
666
        <p>List of internal proxies' IP addresses as comma separated regular
667
        expressions. If they appear in the <strong>remoteIpHeader</strong>
668
        value, they will be trusted and will not appear in the
669
        <strong>proxiesHeader</strong> value. If not specified the default value
670
        of <code>10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3},
671
        169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3}</code> will
672
        be used.</p>
673
      </attribute>
674
675
      <attribute name="proxiesHeader" required="false">
676
        <p>Name of the HTTP header created by this valve to hold the list of
677
        proxies that have been processed in the incoming
678
        <strong>remoteIpHeader</strong>. If not specified, the default of
679
        <code>x-forwarded-by</code> is used.</p>
680
      </attribute>
681
682
      <attribute name="trustedProxies" required="false">
683
        <p>List of trusted proxies' IP addresses as comma separated regular
684
        expressions. If they appear in the <strong>remoteIpHeader</strong>
685
        value, they will be trusted and will appear in the
686
        <strong>proxiesHeader</strong> value. If not specified, no proxies will
687
        be trusted.</p>
688
      </attribute>
689
690
      <attribute name="protocolHeader" required="false">
691
        <p>Name of the HTTP Header read by this valve that holds the protocol
692
        used by the client to connect to the proxy. If not specified, the
693
        default of <code>null</code> is used.</p>
694
      </attribute>
695
696
      <attribute name="protocolHeaderHttpsValue" required="false">
697
        <p>Value of the <strong>protocolHeader</strong> to indicate that it is
698
        an HTTPS request. If not specified, the default of <code>https</code> is
699
        used.</p>
700
      </attribute>
701
702
    </attributes>
703
704
  </subsection>
705
706
</section>
707
708
627
</body>
709
</body>
628
710
629
711

Return to bug 47330