View | Details | Raw Unified | Return to bug 54080
Collapse All | Expand All

(-)java/org/apache/catalina/valves/RemoteIpValve.java (+3 lines)
Lines 93-98 Link Here
93
 * <td>RemoteIPInternalProxy</td>
93
 * <td>RemoteIPInternalProxy</td>
94
 * <td>Comma delimited list of regular expressions (in the syntax supported by the {@link java.util.regex.Pattern} library)</td>
94
 * <td>Comma delimited list of regular expressions (in the syntax supported by the {@link java.util.regex.Pattern} library)</td>
95
 * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3} <br/>
95
 * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3} <br/>
96
 * Note that this comma-separated regular expression <i>is</i> used by default but cannot be specified in the same way through
97
 * String-based configuration, as the commas in the \d{1,3} expressions will improperly split. You cannot use commas inside each
98
 * regular expression pattern or they will be mistaken as expression separators.
96
 * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 has not been enabled by default because it is complex to
99
 * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 has not been enabled by default because it is complex to
97
 * describe with regular expressions</td>
100
 * describe with regular expressions</td>
98
 * </tr>
101
 * </tr>
(-)webapps/docs/config/valve.xml (-2 / +10 lines)
Lines 860-868 Link Here
860
        expressions. If they appear in the <strong>remoteIpHeader</strong>
860
        expressions. If they appear in the <strong>remoteIpHeader</strong>
861
        value, they will be trusted and will not appear in the
861
        value, they will be trusted and will not appear in the
862
        <strong>proxiesHeader</strong> value. If not specified the default value
862
        <strong>proxiesHeader</strong> value. If not specified the default value
863
        of <code>10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3},
863
        of <code>10\.\d(\d|\d\d)?\.\d(\d|\d\d)?\.\d(\d|\d\d)?,
864
        169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3}</code> will
864
        192\.168\.\d(\d|\d\d)?\.\d(\d|\d\d)?,
865
        169\.254\.\d(\d|\d\d)?\.\d(\d|\d\d)?,
866
        127\.\d(\d|\d\d)?\.\d(\d|\d\d)?\.\d(\d|\d\d)?</code> will
865
        be used.</p>
867
        be used.</p>
868
        <p>
869
          Note that the individual regular expressions <i>must not</i>
870
          contain commas themselves, as the <code>internalProxies</code>
871
          value is first split by commas, then parsed into separate regular
872
          expression patterns.
873
        </p>
866
      </attribute>
874
      </attribute>
867
875
868
      <attribute name="proxiesHeader" required="false">
876
      <attribute name="proxiesHeader" required="false">

Return to bug 54080