[
https://issues.apache.org/jira/browse/GUACAMOLE-784?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16830506#comment-16830506
]
Michael Jumper commented on GUACAMOLE-784:
------------------------------------------
Makes sense. If there exists software that is appending a port number to the IP
addresses included within {{X-Forwarded-For}}, I don't see any reason that
Guacamole shouldn't be tolerant of that.
> Modify Regex for X-Forwarded-for to parse IP:Port
> -------------------------------------------------
>
> Key: GUACAMOLE-784
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-784
> Project: Guacamole
> Issue Type: Wish
> Components: guacamole-client
> Affects Versions: 1.0.0
> Environment: Azure App Service
> Reporter: Stefan
> Priority: Minor
>
> Dear all
> First of all, I am sorry that I messed up with your usual process. Please
> delete the Pull-Request, so that everything goes the right way. It was not
> my intention to make troubles.
> Now about the topic. We want to run the guacamole-client in an Azue Web
> Service. That is a Service where MS provides everything up to the
> Tomcat-Server as a Service. You just have to place the war-File on the right
> position.
> It is working fine so far. But one of the issues is that the
> “X-Forwarded-for”-Header which is forwarded to the guacamole-client contains
> also the Source-Port number. Because of that only the Tomcat-Server-IP is
> shown in the History of the guacamole-client. According the REGEX in the
> source file
> “[guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java|https://github.com/apache/guacamole-client/pull/398/files/51035d377ec9b6c8a9260c3df73051173065ace2#diff-48e5eab88e3f0e708348fb5f3a353b94]”
> the client just can handle Header with IPs only. We thought about the
> possibility to expand these regexes.
> I agree with mike-jumper that everybody should fulfill the standard, which
> define that only the IP is in this header. We contacted MS, but the thing is,
> we don’t aspect any “fast” reaction or change on Azure to solve this topic.
> I also agree that the change should be well planned, not to screw up
> something else.
>
> Original Comment from mike-jumper
> Both IPV4_ADDRESS_REGEX and IPV6_ADDRESS_REGEX are documented here as
> matching IP addresses. Altering them such that they also accept port numbers
> will mean that the documentation becomes incorrect. If the change proposed
> here is correct, then that documentation needs to be updated to match.
> However:
>
> Duplicating the same pattern across both IPV4_ADDRESS_REGEX and
> IPV6_ADDRESS_REGEX is suboptimal. There are other patterns which would be
> better homes for this change and avoid duplication, but again: modifying
> something that is essentially named "IP address" and documented as matching
> IP addresses such that it also matches port numbers isn't complete in itself.
> That change would need to be followed through such that the documentation and
> naming are correct.
>
> The de facto X-Forwarded-For header is defined as a list of IP addresses, not
> a list of IP addresses with optional port numbers:
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
> https://en.wikipedia.org/wiki/X-Forwarded-For
> If there are real world cases where a port number is included, please provide
> some background information when you open the corresponding issue in JIRA so
> the reasoning for your proposed change can be understood.
>
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
