This makes perfect sense. I tested my regex, just against the wrong engine. Thanks for pointing me in the right direction.

-----Original message-----
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: 20 December 2017 15:19
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: internalProxies regex

2017-12-20 11:37 GMT+03:00 Harrie Robins <har...@eyequestion.nl>:
> Hello everyone,
>
> I have a question about the remoteipvalve in tomcat 8.5:
> https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/RemoteIpValve.html
>
> internalProxies
>
> Regular expression that matches the IP addresses of internal proxies.
> If they appear in the remoteIpHeader value, they will be trusted and
> will not appear in the proxiesHeader value
>
> RemoteIPInternalProxy
>
> Regular expression (in the syntax supported by java.util.regex)
>
> 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|
> 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|
> 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|
> 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}
> By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed.
>
> I need to convert some CIDR ranges to regex:
>
> my concern is that /d{1,3} will match too many (non-existent) addresses
>
> 103\.21\.24\d[4-7]\.\d[0-9]\d{1,3}|103\.22\.20\d[0-3]\.\d[0-9]\d{1,3}|103\.31\.\d[4-7]\.\d[0-9]\d{1,3}
>
> So I re-wrote using capture groups, below does not function however,
> and I assume it is due to OR (|) which tomcat will effectively see as a new
> entry?
> So I tried escaping, but I cannot get it to work:
>
> 103\.21\.(2(4[4-7]))\.([0-9]\|[1-9][0-9]\|1([0-9][0-9])\|2([0-4][0-9]\|5[0-5]))|103\.22\.(2(0[0-3]))\.([0-9]\|[1-9][0-9]\|1([0-9][0-9])\|2([0-4][0-9]\|5[0-5]))

Your assumption that "tomcat will effectively see as a new entry" is wrong. The string is used as a whole to initialize a java.util.regex.Pattern(). Tomcat does not split it.

You may write a simple program / junit test to test how java.util.regex.Pattern() processes your value.
Or you may run Tomcat with a debugger,
https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics#Common_Troubleshooting_Scenario

AFAIK, '\|' in a regular expression will be interpreted as expecting a literal '|' character in the matched string. No IP address has this character so none will match.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
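
The "simple program" check suggested in the reply, as an added example that is not from the thread or from Tomcat: it compiles the posted value as-is and with each `\|` turned back into `|`, then runs both through java.util.regex.Pattern against constructed sample addresses. The class name, the `trusted` helper and the samples are hypothetical, and whole-string matching with `matches()` is an assumption about how the valve applies the pattern.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class InternalProxiesRegexCheck {
    // The second value from the thread, with '\|' exactly as posted.
    static final String ESCAPED =
        "103\\.21\\.(2(4[4-7]))\\.([0-9]\\|[1-9][0-9]\\|1([0-9][0-9])\\|2([0-4][0-9]\\|5[0-5]))"
      + "|103\\.22\\.(2(0[0-3]))\\.([0-9]\\|[1-9][0-9]\\|1([0-9][0-9])\\|2([0-4][0-9]\\|5[0-5]))";

    // Same value with every '\|' turned back into a plain '|' alternation.
    static final String PLAIN = ESCAPED.replace("\\|", "|");

    // Whole-string match (assumption: mirrors how the valve applies internalProxies).
    static boolean trusted(Pattern p, String addr) {
        return p.matcher(addr).matches();
    }

    public static void main(String[] args) {
        Pattern escaped = Pattern.compile(ESCAPED);
        Pattern plain = Pattern.compile(PLAIN);

        // Constructed samples: candidate address -> should it count as an internal proxy?
        Map<String, Boolean> samples = new LinkedHashMap<>();
        samples.put("103.21.244.0", true);
        samples.put("103.21.247.255", true);
        samples.put("103.22.203.17", true);
        samples.put("103.21.248.1", false);                // third octet outside 244-247
        samples.put("103.22.200.256", false);              // last octet above 255
        samples.put("103.21.244.01", false);               // leading zero
        samples.put("103.21.244.7|42|142|242|52", false);  // contains literal '|' characters

        int failures = 0;
        for (Map.Entry<String, Boolean> e : samples.entrySet()) {
            boolean asPosted = trusted(escaped, e.getKey());
            boolean fixed = trusted(plain, e.getKey());
            if (fixed != e.getValue()) failures++;
            System.out.printf("%-28s expected=%-5b escaped=%-5b plain=%b%n",
                    e.getKey(), e.getValue(), asPosted, fixed);
        }
        if (failures > 0) System.exit(1); // the unescaped pattern disagreed with an expectation
    }
}
```

With Java 11 or later the file runs directly as `java InternalProxiesRegexCheck.java`.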