Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-6153

[Migration][WebToUndertow] RemoteIpValve is not correctly migrated

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 11.0.0.Final
    • 10.0.0.Final
    • Web (Undertow)
    • None

    Description

      When migrating RemoteIpValve which looks like this 

       <valve name="remote-ip-valve" module="org.jboss.as.web" class-name="org.apache.catalina.valves.RemoteIpValve">
        <param param-name="httpServerPort" param-value="8080"/>
        <param param-name="httpsServerPort" param-value="8443"/>
        <param param-name="internalProxies" param-value="192.*|127.*"/>
        <param param-name="trustedProxies" param-value="10.*"/>
        <param param-name="protocolHeaderHttpsValue" param-value="https"/>
        <param param-name="protocolHeader" param-value="X-Forwarded-Proto"/>
        <param param-name="remoteIpHeader" param-value="X-Forwarded-For"/>
        <param param-name="proxiesHeader" param-value="X-Forwarded-By"/>
    </valve>

      it is migrated to expression filter looking like this

      <expression-filter expression="regexp(pattern=&quot;10.*&quot;, value=%{i, x-forwarded-for}, full-match=true) and regexp(pattern=&quot;192.*|127.*&quot;, value=%{i, x-forwarded-for}, full-match=true) -&gt; { proxy-peer-address(); }" name="remote-ip-valve"/>

      When doing request to http://127.0.0.1:8080/ it fails with 500 and this exception in log

      14:06:53,648 ERROR [io.undertow.request] (default I/O-4) UT005071: Undertow request failed HttpServerExchange{ GET / request {Accept=[*/*], User-Agent=[curl/7.43.0-DEV], Host=[127.0.0.1:8080]} response {}}: java.lang.IllegalArgumentException: UT000045: Error parsing predicated handler string Expecting , or ):
regexp(pattern="10.*", value=%{i, x-forwarded-for}, full-match=true) and regexp(pattern="192.*|127.*", value=%{i, x-forwarded-for}, full-match=true) -> { proxy-peer-address(); }
                                                                                                                                                                                 ^
	at io.undertow.server.handlers.builder.PredicatedHandlersParser.error(PredicatedHandlersParser.java:727)
	at io.undertow.server.handlers.builder.PredicatedHandlersParser.parseExpression(PredicatedHandlersParser.java:506)
	at io.undertow.server.handlers.builder.PredicatedHandlersParser.parse(PredicatedHandlersParser.java:381)
	at io.undertow.server.handlers.builder.PredicatedHandlersParser.parse(PredicatedHandlersParser.java:322)
	at io.undertow.server.handlers.builder.PredicatedHandlersParser.parse(PredicatedHandlersParser.java:85)
	at org.wildfly.extension.undertow.filters.ExpressionFilterDefinition.createHttpHandler(ExpressionFilterDefinition.java:88)
	at org.wildfly.extension.undertow.filters.FilterService.createHttpHandler(FilterService.java:57)
	at org.wildfly.extension.undertow.filters.FilterRef.createHttpHandler(FilterRef.java:69)
	at org.wildfly.extension.undertow.LocationService.configureHandlerChain(LocationService.java:96)
	at org.wildfly.extension.undertow.Host.configureRootHandler(Host.java:117)
	at org.wildfly.extension.undertow.Host.getOrCreateRootHandler(Host.java:171)
	at org.wildfly.extension.undertow.Host$HostRootHandler.handleRequest(Host.java:285)
	at io.undertow.server.handlers.NameVirtualHostHandler.handleRequest(NameVirtualHostHandler.java:64)
	at io.undertow.server.handlers.error.SimpleErrorPageHandler.handleRequest(SimpleErrorPageHandler.java:76)
	at io.undertow.server.handlers.CanonicalPathHandler.handleRequest(CanonicalPathHandler.java:49)
	at io.undertow.server.handlers.ChannelUpgradeHandler.handleRequest(ChannelUpgradeHandler.java:158)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
	at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:233)
	at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:131)
	at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:145)
	at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:92)
	at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:51)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291)
	at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:121)
	at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:580)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:464)

      The exception is caused by not having in quotes the '%{i, x-forwarded-for}'.
      Also there is no predicate named regexp, the correct name is regex.

      As this is hidden to the customer during the migration operation and is not visible before customer sends request to the server marking as blocker.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-3311 [Migration][WebToUndertow] RemoteIpValve is not correctly migrated

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              ehugonne1@redhat.com Emmanuel Hugonnet
              ehugonne1@redhat.com Emmanuel Hugonnet
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: