https://bz.apache.org/bugzilla/show_bug.cgi?id=60751
Bug ID: 60751 Summary: Add 100.64/10 to the default internalProxies Product: Tomcat 8 Version: 8.0.x-trunk Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: matthias.winze...@gmail.com Target Milestone: ---- Created attachment 34769 --> https://bz.apache.org/bugzilla/attachment.cgi?id=34769&action=edit Patch that adds 100.64/10 to internalProxies for Tomcat 8.0.x trunk As a service provider, we use the 100.64/10 range quite often for our private networks. Currently Tomcat does not include this range in the default value of internalProxies in the classes RemoteIpValve and RemoteIpFilter. Since our Loadbalancer runs on a 100.64 address, it is not covered by the default private networks in Tomcat and the logic of RemoteIpValve is skipped (i.e. setting the ports and the scheme based on X-Forwarded-Proto). This patch adds the 100.64/10 range to the default internalProxies. As far as I understand, this subnet should be treated the same as the other private networks: https://en.wikipedia.org/wiki/Reserved_IP_addresses I'm aware that this can be fixed in the configuration rather easily. But since we're offering CloudFoundry to our customers where the customers deploy their own Tomcats, we do not own these configurations - and we would like to be interoperable with other CloudFoundries that run in different networks and do not require this fix. We think it would be nice if Tomcat supports these networks out-of-the-box. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org