svn commit: r1549524 - in /tomcat/trunk: java/org/apache/catalina/filters/RemoteIpFilter.java java/org/apache/catalina/valves/RemoteIpValve.java webapps/docs/config/filter.xml webapps/docs/config/valve.xml

Mon, 09 Dec 2013 01:49:39 -0800 

Author: markt
Date: Mon Dec  9 09:48:42 2013
New Revision: 1549524

URL: http://svn.apache.org/r1549524
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55820
Include the 172.16/12 range in the default value for internal proxies.

Modified:
    tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
    tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
    tomcat/trunk/webapps/docs/config/filter.xml
    tomcat/trunk/webapps/docs/config/valve.xml

Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=1549524&r1=1549523&r2=1549524&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java (original)
+++ tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Mon Dec  
9 09:48:42 2013
@@ -107,9 +107,12 @@ import org.apache.juli.logging.LogFactor
  * <td>RemoteIPInternalProxy</td>
  * <td>Regular expression (in the syntax supported by
  * {@link java.util.regex.Pattern java.util.regex})</td>
- * 
<td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}
 <br/>
- * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 
has not been enabled by default because it is complex to
- * describe with regular expressions</td>
+ * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|
+ *     169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|
+ *     172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|
+ *     172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
+ *     <br/>
+ * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are 
allowed.</td>
  * </tr>
  * </tr>
  * <tr>
@@ -695,7 +698,10 @@ public class RemoteIpFilter implements F
             "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
             "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" +
             "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" +
-            "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
+            "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
+            "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+            "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+            "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
 
     /**
      * @see #setProtocolHeader(String)

Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1549524&r1=1549523&r2=1549524&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Mon Dec  9 
09:48:42 2013
@@ -88,9 +88,12 @@ import org.apache.juli.logging.LogFactor
  * <td>RemoteIPInternalProxy</td>
  * <td>Regular expression (in the syntax supported by
  * {@link java.util.regex.Pattern java.util.regex})</td>
- * 
<td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}<br/>
- * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 
has not been enabled by default because it is complex to
- * describe with regular expressions</td>
+ * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|
+ *     169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|
+ *     172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|
+ *     172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
+ *     <br/>
+ * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are 
allowed.</td>
  * </tr>
  * </tr>
  * <tr>
@@ -406,7 +409,10 @@ public class RemoteIpValve extends Valve
             "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
             "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" +
             "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" +
-            "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
+            "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" +
+            "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+            "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" +
+            "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}");
 
     /**
      * @see #setProtocolHeader(String)

Modified: tomcat/trunk/webapps/docs/config/filter.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1549524&r1=1549523&r2=1549524&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/filter.xml (original)
+++ tomcat/trunk/webapps/docs/config/filter.xml Mon Dec  9 09:48:42 2013
@@ -1202,7 +1202,7 @@ FINE: Request "/docs/config/manager.html
         Internal proxies that appear in the <strong>remoteIpHeader</strong> 
will
         be trusted and will not appear in the <strong>proxiesHeader</strong>
         value. If not specified the default value of <code>
-        
10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}
+        
10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
         </code> will be used.</p>
       </attribute>
 

Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1549524&r1=1549523&r2=1549524&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Mon Dec  9 09:48:42 2013
@@ -1296,7 +1296,7 @@
         Internal proxies that appear in the <strong>remoteIpHeader</strong> 
will
         be trusted and will not appear in the <strong>proxiesHeader</strong>
         value. If not specified the default value of <code>
-        
10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}
+        
10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
         </code> will be used.</p>
       </attribute>
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to