https://bz.apache.org/bugzilla/show_bug.cgi?id=60751
Bug ID: 60751
Summary: Add 100.64/10 to the default internalProxies
Product: Tomcat 8
Version: 8.0.x-trunk
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: matthias.winze...@gmail.com
Target Milestone: ----
Created attachment 34769
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34769&action=edit
Patch that adds 100.64/10 to internalProxies for Tomcat 8.0.x trunk
As a service provider, we use the 100.64/10 range quite often for our private
networks.
Currently Tomcat does not include this range in the default value of
internalProxies in the classes RemoteIpValve and RemoteIpFilter. Since our
Loadbalancer runs on a 100.64 address, it is not covered by the default private
networks in Tomcat and the logic of RemoteIpValve is skipped (i.e. setting the
ports and the scheme based on X-Forwarded-Proto).
This patch adds the 100.64/10 range to the default internalProxies.
As far as I understand, this subnet should be treated the same as the other
private networks:
https://en.wikipedia.org/wiki/Reserved_IP_addresses
I'm aware that this can be fixed in the configuration rather easily.
But since we're offering CloudFoundry to our customers where the customers
deploy their own Tomcats, we do not own these configurations - and we would
like to be interoperable with other CloudFoundries that run in different
networks and do not require this fix.
We think it would be nice if Tomcat supports these networks out-of-the-box.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
