LGTM :)) On Fri, 5 Mar 2021 at 19:30, <papega...@apache.org> wrote:
> This is an automated email from the ASF dual-hosted git repository. > > papegaaij pushed a commit to branch master > in repository https://gitbox.apache.org/repos/asf/wicket.git > > > The following commit(s) were added to refs/heads/master by this push: > new 84f62a5 Do not try to resolve X-Forwarded-For header > 84f62a5 is described below > > commit 84f62a5cff462eaa3bfaf171b0638c7e7feea30d > Author: Emond Papegaaij <emond.papega...@topicus.nl> > AuthorDate: Fri Mar 5 13:28:15 2021 +0100 > > Do not try to resolve X-Forwarded-For header > > The remote address is reported by HttpServletRequest. Configuration of > this property is normally done via the application server. If this is > somehow not possible, use XForwardedRequestWrapperFactory. > --- > .../protocol/http/request/WebClientInfo.java | 40 > +++------------------- > 1 file changed, 4 insertions(+), 36 deletions(-) > > diff --git > a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java > b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java > index b5d0544..d8e552c 100644 > --- > a/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java > +++ > b/wicket-core/src/main/java/org/apache/wicket/protocol/http/request/WebClientInfo.java > @@ -140,48 +140,16 @@ public class WebClientInfo extends ClientInfo > } > > /** > - * When using ProxyPass, requestCycle().getHttpServletRequest(). > getRemoteAddr() returns the IP > - * of the machine forwarding the request. In order to maintain the > clients ip address, the > - * server places it in the <a > - * href=" > http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers > ">X-Forwarded-For</a> > - * Header. > - * > - * Proxies may also mask the original client IP with tokens like > "hidden" or "unknown". > - * If so, the last proxy ip address is returned. > + * Returns the IP address from {@code > HttpServletRequest.getRemoteAddr()}. > * > * @param requestCycle > * the request cycle > - * @return remoteAddr IP address of the client, using the > X-Forwarded-For header and defaulting > - * to: getHttpServletRequest().getRemoteAddr() > + * @return remoteAddr IP address of the client, using > + * {@code getHttpServletRequest().getRemoteAddr()} > */ > protected String getRemoteAddr(RequestCycle requestCycle) > { > ServletWebRequest request = > (ServletWebRequest)requestCycle.getRequest(); > - HttpServletRequest req = request.getContainerRequest(); > - String remoteAddr = request.getHeader("X-Forwarded-For"); > - > - if (remoteAddr != null) > - { > - if (remoteAddr.contains(",")) > - { > - // sometimes the header is of form client > ip,proxy 1 ip,proxy 2 ip,...,proxy n ip, > - // we just want the client > - remoteAddr = Strings.split(remoteAddr, > ',')[0].trim(); > - } > - try > - { > - // If ip4/6 address string handed over, > simply does pattern validation. > - InetAddress.getByName(remoteAddr); > - } > - catch (UnknownHostException e) > - { > - remoteAddr = req.getRemoteAddr(); > - } > - } > - else > - { > - remoteAddr = req.getRemoteAddr(); > - } > - return remoteAddr; > + return request.getContainerRequest().getRemoteAddr(); > } > } > > -- Best regards, Maxim
