svn commit: r1549524 - in /tomcat/trunk: java/org/apache/catalina/filters/RemoteIpFilter.java java/org/apache/catalina/valves/RemoteIpValve.java webapps/docs/config/filter.xml webapps/docs/config/valv
Author: markt Date: Mon Dec 9 09:48:42 2013 New Revision: 1549524 URL: http://svn.apache.org/r1549524 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55820 Include the 172.16/12 range in the default value for internal proxies. Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java tomcat/trunk/webapps/docs/config/filter.xml tomcat/trunk/webapps/docs/config/valve.xml Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=1549524r1=1549523r2=1549524view=diff == --- tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java (original) +++ tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Mon Dec 9 09:48:42 2013 @@ -107,9 +107,12 @@ import org.apache.juli.logging.LogFactor * tdRemoteIPInternalProxy/td * tdRegular expression (in the syntax supported by * {@link java.util.regex.Pattern java.util.regex})/td - * td10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3} br/ - * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 has not been enabled by default because it is complex to - * describe with regular expressions/td + * td10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}| + * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}| + * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}| + * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} + * br/ + * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed./td * /tr * /tr * tr @@ -695,7 +698,10 @@ public class RemoteIpFilter implements F 10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}| + 192\\.168\\.\\d{1,3}\\.\\d{1,3}| + 169\\.254\\.\\d{1,3}\\.\\d{1,3}| + -127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}); +127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}); /** * @see #setProtocolHeader(String) Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1549524r1=1549523r2=1549524view=diff == --- tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original) +++ tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Mon Dec 9 09:48:42 2013 @@ -88,9 +88,12 @@ import org.apache.juli.logging.LogFactor * tdRemoteIPInternalProxy/td * tdRegular expression (in the syntax supported by * {@link java.util.regex.Pattern java.util.regex})/td - * td10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}br/ - * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 has not been enabled by default because it is complex to - * describe with regular expressions/td + * td10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}| + * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}| + * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}| + * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} + * br/ + * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed./td * /tr * /tr * tr @@ -406,7 +409,10 @@ public class RemoteIpValve extends Valve 10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}| + 192\\.168\\.\\d{1,3}\\.\\d{1,3}| + 169\\.254\\.\\d{1,3}\\.\\d{1,3}| + -127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}); +127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}); /** * @see #setProtocolHeader(String) Modified: tomcat/trunk/webapps/docs/config/filter.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1549524r1=1549523r2=1549524view=diff == --- tomcat/trunk/webapps/docs/config/filter.xml (original) +++ tomcat/trunk/webapps/docs/config/filter.xml Mon Dec 9 09:48:42 2013 @@ -1202,7 +1202,7 @@ FINE: Request /docs/config/manager.html Internal proxies that appear in the strongremoteIpHeader/strong will be trusted and will not appear in the strongproxiesHeader/strong value. If not specified the default value of code -
Re: svn commit: r1549524 - in /tomcat/trunk: java/org/apache/catalina/filters/RemoteIpFilter.java java/org/apache/catalina/valves/RemoteIpValve.java webapps/docs/config/filter.xml webapps/docs/config/
2013/12/9 ma...@apache.org: Author: markt Date: Mon Dec 9 09:48:42 2013 New Revision: 1549524 URL: http://svn.apache.org/r1549524 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55820 Include the 172.16/12 range in the default value for internal proxies. Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java tomcat/trunk/webapps/docs/config/filter.xml tomcat/trunk/webapps/docs/config/valve.xml Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=1549524r1=1549523r2=1549524view=diff == --- tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java (original) +++ tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Mon Dec 9 09:48:42 2013 @@ -107,9 +107,12 @@ import org.apache.juli.logging.LogFactor * tdRemoteIPInternalProxy/td * tdRegular expression (in the syntax supported by * {@link java.util.regex.Pattern java.util.regex})/td - * td10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3} br/ - * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 has not been enabled by default because it is complex to - * describe with regular expressions/td + * td10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}| + * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}| + * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}| + * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} I think the {1} above is superfluous, as that is the default cardinality. It may need a test, though. + * br/ + * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed./td * /tr * /tr * tr @@ -695,7 +698,10 @@ public class RemoteIpFilter implements F 10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}| + 192\\.168\\.\\d{1,3}\\.\\d{1,3}| + 169\\.254\\.\\d{1,3}\\.\\d{1,3}| + -127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}); +127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}); /** * @see #setProtocolHeader(String) Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1549524r1=1549523r2=1549524view=diff == --- tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original) +++ tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Mon Dec 9 09:48:42 2013 @@ -88,9 +88,12 @@ import org.apache.juli.logging.LogFactor * tdRemoteIPInternalProxy/td * tdRegular expression (in the syntax supported by * {@link java.util.regex.Pattern java.util.regex})/td - * td10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}br/ - * By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 has not been enabled by default because it is complex to - * describe with regular expressions/td + * td10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}| + * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}| + * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}| + * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} + * br/ + * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed./td * /tr * /tr * tr @@ -406,7 +409,10 @@ public class RemoteIpValve extends Valve 10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}| + 192\\.168\\.\\d{1,3}\\.\\d{1,3}| + 169\\.254\\.\\d{1,3}\\.\\d{1,3}| + -127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}); +127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}| + +172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}); /** * @see #setProtocolHeader(String) Modified: tomcat/trunk/webapps/docs/config/filter.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1549524r1=1549523r2=1549524view=diff == --- tomcat/trunk/webapps/docs/config/filter.xml (original) +++ tomcat/trunk/webapps/docs/config/filter.xml Mon Dec 9 09:48:42 2013 @@ -1202,7 +1202,7 @@ FINE: Request /docs/config/manager.html Internal proxies that appear in the strongremoteIpHeader/strong will be trusted