Yes, there are two reasons:
1) The Tomcat valves operate on all webapps. We only need/require this
for one particular webapp without affecting the others.
2) The code has been simplified for illustration purposes. Besides
X-Forwarded-For, we detect and work around many other custom external
mobile proxies which do not use X-Forwarded-For and require custom
Geolocation code to detect the ISP and connection type (Google
Compression Proxy, Nokia OVI, Novarra, Lotus Flare, Opera Mini, Opera
Max, Samsung Max, etc.) - this kind of customization is not possible
without custom code. This filter is not meant for detecting internal
proxies within our control (such as Apache front ends or load
balancers), but rather public proxies which are "transparently" (not
really) used via some mobile devices and services.
*Manuel Dominguez Sarmiento*
Manuel,
On 2/5/20 12:12 PM, Manuel Dominguez Sarmiento wrote:
Our filter is not doing anything fancy (and it has always worked
correctly before we ran into this bug). In pseudo-code:
public doFilter(request, response) {
    String ip = request.getRemoteAddr();
    boolean isProxy = isProxy(ip);
    if (isProxy) {
        String unwrappedIP = unwrapXForwardedFor(request);
        chain.doFilter(new MobileProxyHidingServletRequestWrapper(request, unwrappedIP), response);
    } else {
        chain.doFilter(request, response);
    }
}
All that MobileProxyHidingServletRequestWrapper does is override
getRemoteAddr(), returning unwrappedIP instead of delegating to the
actual request, while unwrapXForwardedFor() does what the name
suggests, which is processing X-Forwarded-For to obtain the
originating IP before it hit the detected proxy.
Any reason not to use the valves Tomcat provides to do pretty much
this exact thing?
https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_IP_Valve
-chris
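The following is an added example, not code from this thread or from Tomcat: one way the unwrapping step described above can be written so that X-Forwarded-For is consulted only when the directly connected peer is a known proxy, walking the header from the nearest hop and rejecting malformed entries. The class name, the method names and the sample addresses are hypothetical, and the right-to-left walk is an assumption about how such a helper could work, not a description of the poster's filter.

```java
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Pattern;

// Added example, not code from this thread. All names here are hypothetical.
public class XffUnwrapExample {
    private static final Pattern IPV4 = Pattern.compile(
        "((25[0-5]|2[0-4]\\d|1?\\d?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1?\\d?\\d)");
    // Syntactic screen only; a production filter would parse IPv6 fully.
    private static final Pattern IPV6 = Pattern.compile("(?=.*:)[0-9A-Fa-f:.]{2,45}");

    static boolean looksLikeIp(String s) {
        return IPV4.matcher(s).matches() || IPV6.matcher(s).matches();
    }

    /**
     * Returns the address a request wrapper would report from getRemoteAddr().
     * The header is consulted only when the directly connected peer is a known proxy.
     */
    static String originatingAddr(String remoteAddr, String xff, Predicate<String> isProxy) {
        if (xff == null || !isProxy.test(remoteAddr)) {
            return remoteAddr;                       // header is client-controlled: ignore it
        }
        String candidate = remoteAddr;
        String[] hops = xff.split(",");
        for (int i = hops.length - 1; i >= 0; i--) { // nearest hop first
            String hop = hops[i].trim();
            if (!looksLikeIp(hop)) break;            // malformed entry: keep last good value
            candidate = hop;
            if (!isProxy.test(hop)) break;           // first non-proxy hop is the client
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample data (documentation address ranges).
        Set<String> proxies = Set.of("198.51.100.7", "198.51.100.8");
        Predicate<String> isProxy = proxies::contains;
        // Direct peer is not a known proxy: the header is not trusted.
        System.out.println(originatingAddr("203.0.113.9", "10.0.0.1", isProxy));
        // Peer is a proxy: the nearest non-proxy hop is used, not the left-most claim.
        System.out.println(originatingAddr("198.51.100.7",
            "192.0.2.1, 203.0.113.5, 198.51.100.8", isProxy));
        // A malformed entry stops the walk at the last well-formed hop.
        System.out.println(originatingAddr("198.51.100.7", "<script>, 198.51.100.8", isProxy));
    }
}
```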