Hi all,
I plan to integrate this PR. I adressed the comments of Martin except
for the constants name casing, which I wanted to keep conskistent in the
file for now.
If anyone needs more time to review, please let me know. Any feedback
highly welcome.
Since IMHO it is useful for all branches, I would also backport it.
Thanks and regards,
Rainer
Am 06.12.2020 um 16:20 schrieb GitBox:
rainerjung opened a new pull request #385:
URL: https://github.com/apache/tomcat/pull/385
It contains the IP address of the direct connection peer.
If a reverse proxy sits in front of Tomcat and the protocol
used is AJP or HTTP in combination with the RemoteIp(Valve|Filter),
the peer address might differ from the remoteAddress.
The latter then contains the address of the client in front of the
reverse proxy, not the address of the proxy itself.
Support for the peer address has been added to the
RemoteAddrValve and RemoteCIDRValve with the new attribute
"usePeerAddress". This can be used to restrict access
to Tomcat bsed on the reverse proxy IP address, which is especially
useful to harden access to AJP connecrtors.
The peer address can also be logged in the access log
using the new %{peer}a syntax.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
