63556 – Mark request as forwarded in RemoteIpValve and RemoteIpFilter

Bug 63556 - Mark request as forwarded in RemoteIpValve and RemoteIpFilter

Summary: Mark request as forwarded in RemoteIpValve and RemoteIpFilter

Status:	RESOLVED FIXED

Alias:	None

Product:	Tomcat 9
Classification:	Unclassified
Component:	Catalina (show other bugs)
Version:	9.0.x
Hardware:	All All

Importance:	P2 enhancement (vote)
Target Milestone:	-----
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:	62496
	Show dependency tree

Reported:	2019-07-09 14:00 UTC by Michael Osipov
Modified:	2019-07-09 20:46 UTC (History)
CC List:	1 user (show)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Osipov 2019-07-09 14:00:46 UTC

In some situations you'd like to know from a component whether your request has been forwarded by a reverse proxy.

A real life usecase:

HTTPd => Tomcat; Tomcat does auth, logs in access.log => HTTPd => logs in access.log, REMOTE_USER is empty. Logs are inconsistent.

If this flag is set AuthenticatorBase can check this and write request#getRemoteUser() + auth method to the response headers which HTTPd can picked up and make access.log consistent.

This is required by: 62496

A PR is in preparation.

Comment 1 Michael Osipov 2019-07-09 14:10:36 UTC

PR delivered: https://github.com/apache/tomcat/pull/178

Will then back port.

Comment 2 Michael Osipov 2019-07-09 20:46:03 UTC

Fixed in:
- master for 9.0.23 onwards
- 8.5.x for 8.5.44 onwards
- 7.0.x for 7.0.95 onwards