
Add support for X-Forwarded-Host using Tomcat's new RemoteIpValve hostHeader attribute #18233


Closed
NFarrington opened this issue Sep 15, 2019 · 1 comment
Labels
type: enhancement A general enhancement

@NFarrington

Tomcat now supports the X-Forwarded-Host header, per https://bz.apache.org/bugzilla/show_bug.cgi?id=57665 (as referenced in #5677).

It would be great to add support for this in order to enable more complete support for X-Forwarded-* headers without needing to use the ForwardedHeaderFilter, and to provide closer feature parity with what's available in RemoteIpValve.

The current (Spring Boot 2.1.8.RELEASE) RemoteIpValve configuration can be found here:

```java
private void customizeRemoteIpValve(ConfigurableTomcatWebServerFactory factory) {
    Tomcat tomcatProperties = this.serverProperties.getTomcat();
    String protocolHeader = tomcatProperties.getProtocolHeader();
    String remoteIpHeader = tomcatProperties.getRemoteIpHeader();
    // For back compatibility the valve is also enabled if protocol-header is set
    if (StringUtils.hasText(protocolHeader) || StringUtils.hasText(remoteIpHeader)
            || getOrDeduceUseForwardHeaders()) {
        RemoteIpValve valve = new RemoteIpValve();
        valve.setProtocolHeader(StringUtils.hasLength(protocolHeader) ? protocolHeader : "X-Forwarded-Proto");
        if (StringUtils.hasLength(remoteIpHeader)) {
            valve.setRemoteIpHeader(remoteIpHeader);
        }
        // The internal proxies default to a white list of "safe" internal IP
        // addresses
        valve.setInternalProxies(tomcatProperties.getInternalProxies());
        valve.setPortHeader(tomcatProperties.getPortHeader());
        valve.setProtocolHeaderHttpsValue(tomcatProperties.getProtocolHeaderHttpsValue());
        // ... so it's safe to add this valve by default.
        factory.addEngineValves(valve);
    }
}
```

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 15, 2019
@philwebb
Member

This is the relevant Tomcat commit: apache/tomcat@67c3af9
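
Until Spring Boot exposes the attribute, the valve can be registered by hand. The following is an added example, not code from this issue or from Spring Boot: it sets `hostHeader` on a `RemoteIpValve` and narrows `internalProxies` to a single proxy. It assumes a Tomcat version that has the `hostHeader` attribute, that Spring Boot's own forward-header handling is left disabled so only one valve is installed, and that the reverse proxy connects from `10.0.0.5` (a constructed address); the class and bean names are hypothetical.

```java
import org.apache.catalina.valves.RemoteIpValve;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ForwardedHostValveConfig {

    // Assumption: the only reverse proxy in front of the application connects
    // from 10.0.0.5 (constructed address). The value is a regular expression
    // matched against the connecting peer's address.
    private static final String TRUSTED_PROXY = "10\\.0\\.0\\.5";

    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> forwardedHostValve() {
        return factory -> {
            RemoteIpValve valve = new RemoteIpValve();
            valve.setRemoteIpHeader("X-Forwarded-For");
            valve.setProtocolHeader("X-Forwarded-Proto");
            valve.setPortHeader("X-Forwarded-Port");

            // The attribute this issue asks Spring Boot to expose. Once set,
            // the server name seen by the application (and therefore any
            // absolute URL built from it) comes from X-Forwarded-Host.
            valve.setHostHeader("X-Forwarded-Host");

            // The valve applies forwarded headers only when the connecting
            // address matches internalProxies (or trustedProxies). The default
            // pattern covers the private address ranges; pinning it to the
            // known proxy keeps other hosts on the same network from
            // supplying their own X-Forwarded-Host.
            valve.setInternalProxies(TRUSTED_PROXY);

            factory.addEngineValves(valve);
        };
    }
}
```

Requests arriving from any address other than the configured proxy keep the server name taken from the connection's own `Host` header, because the valve ignores forwarded headers from peers that do not match.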
