[
https://issues.apache.org/jira/browse/GUACAMOLE-784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Jumper updated GUACAMOLE-784:
-------------------------------------
Description:
Dear all
First of all, I am sorry that I messed up with your usual process. Please
delete the Pull-Request, so that everything goes the right way. It was not my
intention to make troubles.
Now about the topic. We want to run the guacamole-client in an Azue Web
Service. That is a Service where MS provides everything up to the Tomcat-Server
as a Service. You just have to place the war-File on the right position.
It is working fine so far. But one of the issues is that the
“X-Forwarded-for”-Header which is forwarded to the guacamole-client contains
also the Source-Port number. Because of that only the Tomcat-Server-IP is
shown in the History of the guacamole-client. According the REGEX in the source
file
“[guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java|https://github.com/apache/guacamole-client/pull/398/files/51035d377ec9b6c8a9260c3df73051173065ace2#diff-48e5eab88e3f0e708348fb5f3a353b94]”
the client just can handle Header with IPs only. We thought about the
possibility to expand these regexes.
I agree with mike-jumper that everybody should fulfill the standard, which
define that only the IP is in this header. We contacted MS, but the thing is,
we don’t aspect any “fast” reaction or change on Azure to solve this topic.
I also agree that the change should be well planned, not to screw up something
else.
Original Comment from mike-jumper
{quote}
Both {{IPV4_ADDRESS_REGEX}} and {{IPV6_ADDRESS_REGEX}} are documented here as
matching IP addresses. Altering them such that they also accept port numbers
will mean that the documentation becomes incorrect. If the change proposed here
is correct, then that documentation needs to be updated to match. However:
Duplicating the same pattern across both {{IPV4_ADDRESS_REGEX}} and
{{IPV6_ADDRESS_REGEX}} is suboptimal. There are other patterns which would be
better homes for this change and avoid duplication, but again: modifying
something that is essentially named "IP address" and documented as matching IP
addresses such that it also matches port numbers isn't complete in itself. That
change would need to be followed through such that the documentation and naming
are correct.
The de facto {{X-Forwarded-For}} header is defined as a list of IP addresses,
not a list of IP addresses with optional port numbers:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
https://en.wikipedia.org/wiki/X-Forwarded-For
If there are real world cases where a port number is included, please provide
some background information when you open the corresponding issue in JIRA so
the reasoning for your proposed change can be understood.
{quote}
was:
Dear all
First of all, I am sorry that I messed up with your usual process. Please
delete the Pull-Request, so that everything goes the right way. It was not my
intention to make troubles.
Now about the topic. We want to run the guacamole-client in an Azue Web
Service. That is a Service where MS provides everything up to the Tomcat-Server
as a Service. You just have to place the war-File on the right position.
It is working fine so far. But one of the issues is that the
“X-Forwarded-for”-Header which is forwarded to the guacamole-client contains
also the Source-Port number. Because of that only the Tomcat-Server-IP is
shown in the History of the guacamole-client. According the REGEX in the source
file
“[guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java|https://github.com/apache/guacamole-client/pull/398/files/51035d377ec9b6c8a9260c3df73051173065ace2#diff-48e5eab88e3f0e708348fb5f3a353b94]”
the client just can handle Header with IPs only. We thought about the
possibility to expand these regexes.
I agree with mike-jumper that everybody should fulfill the standard, which
define that only the IP is in this header. We contacted MS, but the thing is,
we don’t aspect any “fast” reaction or change on Azure to solve this topic.
I also agree that the change should be well planned, not to screw up something
else.
Original Comment from mike-jumper
Both IPV4_ADDRESS_REGEX and IPV6_ADDRESS_REGEX are documented here as matching
IP addresses. Altering them such that they also accept port numbers will mean
that the documentation becomes incorrect. If the change proposed here is
correct, then that documentation needs to be updated to match. However:
Duplicating the same pattern across both IPV4_ADDRESS_REGEX and
IPV6_ADDRESS_REGEX is suboptimal. There are other patterns which would be
better homes for this change and avoid duplication, but again: modifying
something that is essentially named "IP address" and documented as matching IP
addresses such that it also matches port numbers isn't complete in itself. That
change would need to be followed through such that the documentation and naming
are correct.
The de facto X-Forwarded-For header is defined as a list of IP addresses, not a
list of IP addresses with optional port numbers:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
https://en.wikipedia.org/wiki/X-Forwarded-For
If there are real world cases where a port number is included, please provide
some background information when you open the corresponding issue in JIRA so
the reasoning for your proposed change can be understood.
> Modify Regex for X-Forwarded-for to parse IP:Port
> -------------------------------------------------
>
> Key: GUACAMOLE-784
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-784
> Project: Guacamole
> Issue Type: Wish
> Components: guacamole-client
> Affects Versions: 1.0.0
> Environment: Azure App Service
> Reporter: Stefan
> Priority: Minor
>
> Dear all
> First of all, I am sorry that I messed up with your usual process. Please
> delete the Pull-Request, so that everything goes the right way. It was not
> my intention to make troubles.
> Now about the topic. We want to run the guacamole-client in an Azue Web
> Service. That is a Service where MS provides everything up to the
> Tomcat-Server as a Service. You just have to place the war-File on the right
> position.
> It is working fine so far. But one of the issues is that the
> “X-Forwarded-for”-Header which is forwarded to the guacamole-client contains
> also the Source-Port number. Because of that only the Tomcat-Server-IP is
> shown in the History of the guacamole-client. According the REGEX in the
> source file
> “[guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java|https://github.com/apache/guacamole-client/pull/398/files/51035d377ec9b6c8a9260c3df73051173065ace2#diff-48e5eab88e3f0e708348fb5f3a353b94]”
> the client just can handle Header with IPs only. We thought about the
> possibility to expand these regexes.
> I agree with mike-jumper that everybody should fulfill the standard, which
> define that only the IP is in this header. We contacted MS, but the thing is,
> we don’t aspect any “fast” reaction or change on Azure to solve this topic.
> I also agree that the change should be well planned, not to screw up
> something else.
> Original Comment from mike-jumper
> {quote}
> Both {{IPV4_ADDRESS_REGEX}} and {{IPV6_ADDRESS_REGEX}} are documented here as
> matching IP addresses. Altering them such that they also accept port numbers
> will mean that the documentation becomes incorrect. If the change proposed
> here is correct, then that documentation needs to be updated to match.
> However:
> Duplicating the same pattern across both {{IPV4_ADDRESS_REGEX}} and
> {{IPV6_ADDRESS_REGEX}} is suboptimal. There are other patterns which would be
> better homes for this change and avoid duplication, but again: modifying
> something that is essentially named "IP address" and documented as matching
> IP addresses such that it also matches port numbers isn't complete in itself.
> That change would need to be followed through such that the documentation and
> naming are correct.
> The de facto {{X-Forwarded-For}} header is defined as a list of IP addresses,
> not a list of IP addresses with optional port numbers:
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
> https://en.wikipedia.org/wiki/X-Forwarded-For
> If there are real world cases where a port number is included, please provide
> some background information when you open the corresponding issue in JIRA so
> the reasoning for your proposed change can be understood.
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
