Bug 63556 - Mark request as forwarded in RemoteIpValve and RemoteIpFilter
Summary: Mark request as forwarded in RemoteIpValve and RemoteIpFilter
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 9.0.x
Hardware: All All
: P2 enhancement (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
Depends on:
Blocks: 62496
  Show dependency tree
Reported: 2019-07-09 14:00 UTC by Michael Osipov
Modified: 2019-07-09 20:46 UTC (History)
1 user (show)


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Osipov 2019-07-09 14:00:46 UTC
In some situations you'd like to know from a component whether your request has been forwarded by a reverse proxy.

A real life usecase:

HTTPd => Tomcat; Tomcat does auth, logs in access.log => HTTPd => logs in access.log, REMOTE_USER is empty. Logs are inconsistent.

If this flag is set AuthenticatorBase can check this and write request#getRemoteUser() + auth method to the response headers which HTTPd can picked up and make access.log consistent.

This is required by: 62496

A PR is in preparation.
Comment 1 Michael Osipov 2019-07-09 14:10:36 UTC
PR delivered: https://github.com/apache/tomcat/pull/178

Will then back port.
Comment 2 Michael Osipov 2019-07-09 20:46:03 UTC
Fixed in:
- master for 9.0.23 onwards
- 8.5.x for 8.5.44 onwards
- 7.0.x for 7.0.95 onwards