[Bug 55553] Proposal: Allow org.apache.catalina.valves.RemoteIpValve to set requests as secure with a transparent SSL termination proxy

2013-09-12 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=3

--- Comment #5 from Mark Thomas  ---
(In reply to Knut Ytterhaug from comment #4)
> Thanks for the quick answers. Unfortunately (for us) we're unable to
> configure using different connectors depending on if it's been processed or
> not.
>
> Would a patch adding a boolean property making the valve process headers
> when no trusted proxy had been configured be considered?

Unlikely.

As an aside, any changes to the Valve need to be mirrored to the Filter.

The users list is the best place to figure out a solution that works for you.
I'd be surprised if one wasn't available with existing configuration. Saying
which proxy you are using would help.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[Bug 55553] Proposal: Allow org.apache.catalina.valves.RemoteIpValve to set requests as secure with a transparent SSL termination proxy

2013-09-12 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=3

--- Comment #4 from Knut Ytterhaug  ---
Thanks for the quick answers. Unfortunately (for us) we're unable to configure
using different connectors depending on if it's been processed or not.

Would a patch adding a boolean property making the valve process headers when
no trusted proxy had been configured be considered?




[Bug 55553] Proposal: Allow org.apache.catalina.valves.RemoteIpValve to set requests as secure with a transparent SSL termination proxy

2013-09-12 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=3

Mark Thomas  changed:

           What|Removed |Added
    -----------+--------+--------
         Status|NEEDINFO|RESOLVED
     Resolution|---     |WONTFIX

--- Comment #3 from Mark Thomas  ---
Then the solution is to configure two http connectors on separate ports: one
for direct http traffic and one for http traffic that has been processed by the
transparent proxy.

If you want the http and https requests to share a common thread pool then an
executor can be configured.

The proposed patch would result in the valve processing headers when no
trusted proxy had been configured and I am concerned that some users may be
caught out by this and end up with an insecure configuration - even if this
behavior is documented.


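Added example (not part of the original thread and not the Tomcat project's own configuration): a server.xml fragment for the two-connector layout described in comment #3, with a shared executor. The ports, the executor name, the thread counts and the loopback bind address are assumptions chosen for illustration.

```xml
<!-- Illustrative server.xml fragment; ports, names and sizes are assumptions. -->
<Service name="Catalina">

  <!-- Shared thread pool so both connectors draw from the same workers. -->
  <Executor name="sharedPool" namePrefix="catalina-exec-"
            maxThreads="200" minSpareThreads="10" />

  <!-- Direct, unencrypted client traffic: request.isSecure() returns false. -->
  <Connector port="8080" protocol="HTTP/1.1"
             executor="sharedPool"
             redirectPort="443" />

  <!-- Traffic that the SSL-terminating proxy has already decrypted.
       scheme/secure make request.getScheme() return "https" and
       request.isSecure() return true for everything arriving here;
       proxyPort is the port clients actually connected to.
       Every request on this port is treated as secure, so it is bound to
       an address only the proxy can reach (assumed here: the proxy runs
       on the same host). -->
  <Connector port="8443" protocol="HTTP/1.1"
             address="127.0.0.1"
             executor="sharedPool"
             scheme="https" secure="true" proxyPort="443" />

  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" />
  </Engine>
</Service>
```

If the proxy runs on a different host, restrict the second port to the proxy's address at the firewall instead of binding to loopback.
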


[Bug 55553] Proposal: Allow org.apache.catalina.valves.RemoteIpValve to set requests as secure with a transparent SSL termination proxy

2013-09-12 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=3

--- Comment #2 from Knut Ytterhaug  ---
We need our tomcats to be able to serve the same content both on http and https
and would like our applications to be able to use request.isSecure() to handle
redirects etc. accordingly.




[Bug 55553] Proposal: Allow org.apache.catalina.valves.RemoteIpValve to set requests as secure with a transparent SSL termination proxy

2013-09-12 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=3

Mark Thomas  changed:

           What|Removed |Added
    -----------+--------+--------
         Status|NEW     |NEEDINFO

--- Comment #1 from Mark Thomas  ---
In that case why can't you just set secure on the connector?
