[
https://issues.apache.org/jira/browse/GUACAMOLE-784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Jumper updated GUACAMOLE-784:
-------------------------------------
Summary: Tolerate port number within X-Forwarded-For header (was: Modify
Regex for X-Forwarded-for to parse IP:Port)
> Tolerate port number within X-Forwarded-For header
> --------------------------------------------------
>
> Key: GUACAMOLE-784
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-784
> Project: Guacamole
> Issue Type: Wish
> Components: guacamole-client
> Affects Versions: 1.0.0
> Environment: Azure App Service
> Reporter: Stefan
> Priority: Minor
>
> Dear all
> First of all, I am sorry that I messed up with your usual process. Please
> delete the Pull-Request, so that everything goes the right way. It was not
> my intention to make troubles.
> Now about the topic. We want to run the guacamole-client in an Azue Web
> Service. That is a Service where MS provides everything up to the
> Tomcat-Server as a Service. You just have to place the war-File on the right
> position.
> It is working fine so far. But one of the issues is that the
> “X-Forwarded-for”-Header which is forwarded to the guacamole-client contains
> also the Source-Port number. Because of that only the Tomcat-Server-IP is
> shown in the History of the guacamole-client. According the REGEX in the
> source file
> “[guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java|https://github.com/apache/guacamole-client/pull/398/files/51035d377ec9b6c8a9260c3df73051173065ace2#diff-48e5eab88e3f0e708348fb5f3a353b94]”
> the client just can handle Header with IPs only. We thought about the
> possibility to expand these regexes.
> I agree with mike-jumper that everybody should fulfill the standard, which
> define that only the IP is in this header. We contacted MS, but the thing is,
> we don’t aspect any “fast” reaction or change on Azure to solve this topic.
> I also agree that the change should be well planned, not to screw up
> something else.
> Original Comment from mike-jumper
> {quote}
> Both {{IPV4_ADDRESS_REGEX}} and {{IPV6_ADDRESS_REGEX}} are documented here as
> matching IP addresses. Altering them such that they also accept port numbers
> will mean that the documentation becomes incorrect. If the change proposed
> here is correct, then that documentation needs to be updated to match.
> However:
> Duplicating the same pattern across both {{IPV4_ADDRESS_REGEX}} and
> {{IPV6_ADDRESS_REGEX}} is suboptimal. There are other patterns which would be
> better homes for this change and avoid duplication, but again: modifying
> something that is essentially named "IP address" and documented as matching
> IP addresses such that it also matches port numbers isn't complete in itself.
> That change would need to be followed through such that the documentation and
> naming are correct.
> The de facto {{X-Forwarded-For}} header is defined as a list of IP addresses,
> not a list of IP addresses with optional port numbers:
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
> https://en.wikipedia.org/wiki/X-Forwarded-For
> If there are real world cases where a port number is included, please provide
> some background information when you open the corresponding issue in JIRA so
> the reasoning for your proposed change can be understood.
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
