ASF Bugzilla – Attachment 33985 Details for
Bug 57665
support x-forwarded-host
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch that adds optional X-Forwarded-Host support
tomcat-57665.patch (text/plain), 7.36 KB, created by
Stefan Fussenegger
on 2016-06-24 12:06:15 UTC
(
hide
)
Description:
patch that adds optional X-Forwarded-Host support
Filename:
MIME Type:
Creator:
Stefan Fussenegger
Created:
2016-06-24 12:06:15 UTC
Size:
7.36 KB
patch
obsolete
>Index: test/org/apache/catalina/valves/TestRemoteIpValve.java >=================================================================== >--- test/org/apache/catalina/valves/TestRemoteIpValve.java (revision 1750075) >+++ test/org/apache/catalina/valves/TestRemoteIpValve.java (working copy) >@@ -47,6 +47,7 @@ > private String remoteHost; > private String scheme; > private boolean secure; >+ private String serverName; > private int serverPort; > private String forwardedFor; > private String forwardedBy; >@@ -63,6 +64,10 @@ > return scheme; > } > >+ public String getServerName() { >+ return serverName; >+ } >+ > public int getServerPort() { > return serverPort; > } >@@ -85,6 +90,7 @@ > this.remoteAddr = request.getRemoteAddr(); > this.scheme = request.getScheme(); > this.secure = request.isSecure(); >+ this.serverName = request.getServerName(); > this.serverPort = request.getServerPort(); > this.forwardedFor = request.getHeader("x-forwarded-for"); > this.forwardedBy = request.getHeader("x-forwarded-by"); >@@ -670,6 +676,62 @@ > } > > @Test >+ public void testInvokeXforwardedHost() throws Exception { >+ >+ // PREPARE >+ RemoteIpValve remoteIpValve = new RemoteIpValve(); >+ remoteIpValve.setHostHeader("x-forwarded-host"); >+ remoteIpValve.setPortHeader("x-forwarded-port"); >+ remoteIpValve.setProtocolHeader("x-forwarded-proto"); >+ RemoteAddrAndHostTrackerValve remoteAddrAndHostTrackerValve = new RemoteAddrAndHostTrackerValve(); >+ remoteIpValve.setNext(remoteAddrAndHostTrackerValve); >+ >+ Request request = new MockRequest(); >+ request.setCoyoteRequest(new org.apache.coyote.Request()); >+ // client ip >+ request.setRemoteAddr("192.168.0.10"); >+ request.setRemoteHost("192.168.0.10"); >+ // protocol >+ request.setSecure(false); >+ request.setServerPort(8080); >+ request.getCoyoteRequest().scheme().setString("http"); >+ // host and port >+ request.getCoyoteRequest().serverName().setString("10.0.0.1"); >+ request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-host").setString("example.com"); >+ request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-port").setString("8443"); >+ request.getCoyoteRequest().getMimeHeaders().addValue("x-forwarded-proto").setString("https"); >+ >+ // TEST >+ remoteIpValve.invoke(request, null); >+ >+ // VERIFY >+ // protocol >+ String actualServerName = remoteAddrAndHostTrackerValve.getServerName(); >+ assertEquals("x-forwarded-host is null", "example.com", actualServerName); >+ >+ String actualScheme = remoteAddrAndHostTrackerValve.getScheme(); >+ assertEquals("x-forwarded-proto is null", "https", actualScheme); >+ >+ int actualServerPort = remoteAddrAndHostTrackerValve.getServerPort(); >+ assertEquals("x-forwarded-proto is null", 8443, actualServerPort); >+ >+ boolean actualSecure = remoteAddrAndHostTrackerValve.isSecure(); >+ assertTrue("x-forwarded-proto is null", actualSecure); >+ >+ String actualPostInvokeServerName = request.getServerName(); >+ assertEquals("postInvoke serverName", "10.0.0.1", actualPostInvokeServerName); >+ >+ boolean actualPostInvokeSecure = request.isSecure(); >+ assertFalse("postInvoke secure", actualPostInvokeSecure); >+ >+ int actualPostInvokeServerPort = request.getServerPort(); >+ assertEquals("postInvoke serverPort", 8080, actualPostInvokeServerPort); >+ >+ String actualPostInvokeScheme = request.getScheme(); >+ assertEquals("postInvoke scheme", "http", actualPostInvokeScheme); >+ } >+ >+ @Test > public void testInvokeNotAllowedRemoteAddr() throws Exception { > // PREPARE > RemoteIpValve remoteIpValve = new RemoteIpValve(); >Index: java/org/apache/catalina/valves/RemoteIpValve.java >=================================================================== >--- java/org/apache/catalina/valves/RemoteIpValve.java (revision 1750075) >+++ java/org/apache/catalina/valves/RemoteIpValve.java (working copy) >@@ -424,6 +424,8 @@ > */ > private String protocolHeaderHttpsValue = "https"; > >+ private String hostHeader = null; >+ > private String portHeader = null; > > /** >@@ -475,6 +477,26 @@ > > /** > * Obtain the name of the HTTP header used to override the value returned >+ * by {@link Request#getServerName()}. >+ * >+ * @return The HTTP header name >+ */ >+ public String getHostHeader() { >+ return hostHeader; >+ } >+ >+ /** >+ * Set the name of the HTTP header used to override the value returned >+ * by {@link Request#getServerName()}. >+ * >+ * @param hostHeader The HTTP header name >+ */ >+ public void setHostHeader(String hostHeader) { >+ this.hostHeader = hostHeader; >+ } >+ >+ /** >+ * Obtain the name of the HTTP header used to override the value returned > * by {@link Request#getServerPort()} and (optionally depending on {link > * {@link #isChangeLocalPort()} {@link Request#getLocalPort()}. > * >@@ -567,6 +589,7 @@ > final String originalRemoteHost = request.getRemoteHost(); > final String originalScheme = request.getScheme(); > final boolean originalSecure = request.isSecure(); >+ final String originalServerName = request.getServerName(); > final int originalServerPort = request.getServerPort(); > final String originalProxiesHeader = request.getHeader(proxiesHeader); > final String originalRemoteIpHeader = request.getHeader(remoteIpHeader); >@@ -639,6 +662,7 @@ > // use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0 > request.getCoyoteRequest().scheme().setString("https"); > >+ setHost(request); > setPorts(request, httpsServerPort); > } else { > request.setSecure(false); >@@ -645,6 +669,7 @@ > // use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0 > request.getCoyoteRequest().scheme().setString("http"); > >+ setHost(request); > setPorts(request, httpServerPort); > } > } >@@ -685,6 +710,7 @@ > // use request.coyoteRequest.scheme instead of request.setScheme() because request.setScheme() is no-op in Tomcat 6.0 > request.getCoyoteRequest().scheme().setString(originalScheme); > >+ request.getCoyoteRequest().serverName().setString(originalServerName); > request.setServerPort(originalServerPort); > > if (originalProxiesHeader == null || originalProxiesHeader.length() == 0) { >@@ -701,6 +727,15 @@ > } > } > >+ private void setHost(Request request) { >+ if (hostHeader != null) { >+ String hostHeaderValue = request.getHeader(hostHeader); >+ if (hostHeaderValue != null) { >+ request.getCoyoteRequest().serverName().setString(hostHeaderValue); >+ } >+ } >+ } >+ > private void setPorts(Request request, int defaultPort) { > int port = defaultPort; > if (portHeader != null) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=33985">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 57665
:
33985
|
34824