Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-702

Support for set "trusted proxies" on ProxyPeerAddressHandler

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Won't Do
    • Major
    • None
    • 1.3.15.Final
    • None
    • None

    Description

      Created JIRA based on the discussion on Wildfly forum with Tomaz Cerar - https://developer.jboss.org/message/955142

      The undertow has support for propagate the information from "X-Protocol-For" HTTP header to have it available in underlying httpServletRequest.getRemoteAddr() . This is done by ProxyPeerAddressHandler.

      However the solution is in some cases not flexible enough. It allows me to either trust all proxies from "X-Protocol-For" header or not trust any proxy at all. The Tomcat has very flexible solution through RemoteIpValve, which allows to configure many things (like list of trusted proxies, local proxies etc). See https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html .

      So wonder if ProxyPeerAddressHandler also shouldn't be more flexible to have support for stuff like this?

      Attachments

        Activity

          People

            sdouglas1@redhat.com Stuart Douglas
            mposolda@redhat.com Marek Posolda
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: