https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
Mark Thomas changed:
What|Removed |Added
Component|Catalina|Connectors
--- Comment #26 from Mark Tho
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
Mark Thomas changed:
What|Removed |Added
Version|8.0.21 |unspecified
Product|Tomcat 8
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
Lapo Luchini changed:
What|Removed |Added
CC||l...@lapo.it
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #24 from Tim ---
I just re-read the spec and I see that the Proxy Protocol header must be
required on every request.
I'm not convinced requiring the Proxy Protocol header on every request
increases security, especially not in the n
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #23 from Mark Thomas ---
(In reply to Tim from comment #22)
> Mark Thomas: Why do you object to the optional config?
Because it is insecure. It is for this reason that the PROXY spec explicitly
states that "The receiver ... MUST no
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #22 from Tim ---
Mark Thomas: Why do you object to the optional config?
I'm asking because we have our servers behind a load balancer but we often send
test requests to individual servers. It would make sense to me to accept proxy
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #21 from Mark Thomas ---
In its current form? Unlikely. A quick look identifies several issues:
- The patch no longer applies cleanly. It needs to be updated to work with the
latest 9.0.x code.
- The optional configuration is inher
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #20 from Emanuel ---
Hi, are there any plans to commit these changes into new Tomcat releases?
--
You are receiving this mail because:
You are the assignee for the bug.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
Emanuel changed:
What|Removed |Added
CC||emanuel.ga...@hws-gruppe.de
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
Matafagafo changed:
What|Removed |Added
CC||matafag...@yahoo.com
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
asanc...@mga.es changed:
What|Removed |Added
CC|asanc...@mga.es |
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
asanc...@mga.es changed:
What|Removed |Added
CC||asanc...@mga.es
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #19 from kycro...@gmail.com ---
Created attachment 35535
--> https://bz.apache.org/bugzilla/attachment.cgi?id=35535&action=edit
Source and JAR for proxy protocol support for 8.5.23
I've attached a new tomcat-coyote jar, with sourc
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #18 from Christopher Schultz ---
The PROXY protocol should be "easy" to roll into an existing class: just have a
look at the first few bytes of a request to see if it's got a valid "PROXY"
command in there. If so, validate the sourc
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #17 from Rob ---
Would it make sense to create a new protocol object either containing or
derived from Http11NioProtocol (e.g. ProxyHttp11NioProtocol)? That would avoid
put the proxy protocol code in a class by itself. I have no i
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #16 from Axel U ---
Is there an update on adding PROXY protocol support?
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #15 from Christopher Schultz ---
My work on this stalled while I worked with Dan @ httpd on his patches.
Ironically, as he was trying to merge his patch set, he discovered that someone
else had built the same capabilities and commit
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #14 from Igor Cicimov ---
Hi,
Just wonder about the status on this?
Thanks,
Igor
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #13 from Christopher Schultz ---
Since I'm working with Daniel Ruggeri @ httpd, I've got an AWS lb set up for
testing. I should be able to apply your patch and test it... soon. Sorry for
the delay on this. Lots to do at $work.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
bon...@gmail.com changed:
What|Removed |Added
CC||bon...@gmail.com
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
SATOH Fumiyasu changed:
What|Removed |Added
CC||fumiyas-u-apa...@sfo.jp
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #12 from Christopher Schultz ---
Awesome. I should be able to do some testing using Amazon ELB, which I expect
was the impetus for this work.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #11 from kycro...@gmail.com ---
Created attachment 33738
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33738&action=edit
SVN patch, source code, and jar file
+1
Also
I've attached a zip file containing:
tomcat-coyote-
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #10 from Christopher Schultz ---
Whoops, sorry. I confused this with a similar httpd enhancement request. Please
ignore comment #9 (and this one, too).
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #9 from Christopher Schultz ---
I think Daniel Ruggeri did some work on this. He's been waiting for some
feedback from me. Maybe I should get on that!
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #8 from Axel Fontaine ---
+1
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #7 from Bill Barker ---
(In reply to Christopher Schultz from comment #6)
> (In reply to Bill Barker from comment #5)
> > Ok, so I misread the spec. After reading the spec again, I have lost all
> > interest in this issue.
>
> I
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #6 from Christopher Schultz ---
(In reply to Bill Barker from comment #5)
> Ok, so I misread the spec. After reading the spec again, I have lost all
> interest in this issue.
I'm curious: does this simply not interest you, or do
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #5 from Bill Barker ---
Ok, so I misread the spec. After reading the spec again, I have lost all
interest in this issue.
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #4 from Christopher Schultz ---
(In reply to Bill Barker from comment #3)
> That means that the "PROXY ..." line is encrypted
> over SSL/TLS just like everything else in the payload. This in turn means
> that all of the code that i
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #3 from Bill Barker ---
(In reply to Mark Thomas from comment #1)
> Moving this to an enhancement request.
>
> I can see the benefit of this but it would be non-trivial to implement -
> particularly for HTTPS.
>
> For NIO and NIO2
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
--- Comment #2 from Christopher Schultz ---
+1 to adding this enhancement.
Without this feature, AWS ELB won't send anything about an ELB-terminated TLS
connection through to the server except for the protocol (e.g. TLSv1) and the
remote clien
https://bz.apache.org/bugzilla/show_bug.cgi?id=57830
Mark Thomas changed:
What|Removed |Added
Severity|normal |enhancement
--- Comment #1 from Mark Tho