Hi, Please file a ticket to improve this. Thanks!
On Tue, Sep 25, 2012 at 12:10 PM, Benjamin Steinert <benjamin.stein...@comsysto.com> wrote: > Hi everyone, > > I need you input regarding the Wicket WebClientInfo implementation of > getRemoteAddr() (extracted from Wicket 1.5.3 but I think it did not > change in release 6): > > ... > String remoteAddr = request.getHeader("X-Forwarded-For"); > if (remoteAddr == null) > { > remoteAddr = req.getRemoteAddr(); > } > else > { > if (remoteAddr.contains(",")) > { > // we just want the client > remoteAddr = remoteAddr.split(",")[0].trim(); > } > } > return remoteAddr; > > I am facing the problem that we get the String "unknown" set by some > Proxy in the Forwarded-For field. > According to the IETF draft this is in fact a valid value: > http://tools.ietf.org/html/draft-petersson-forwarded-for-02#section-6 > > Now unfortunately the the simple null check prevents falling back to the > Servlet request based getRemoteAddr which would be more helpful than > having a String that is no IP Address. > > I would suggest something like > if (remoteAddr == null || > !InetAddressValidator.getInstance().isValid(remoteAddr)) > { ... } > > to ensure that the given value is an IP. What would you say? Bug, > Feature or simply unnecessary? ;) > > Cheers > Ben > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org