Author: markt Date: Fri Jun 1 16:51:48 2018 New Revision: 1832707 URL: http://svn.apache.org/viewvc?rev=1832707&view=rev Log: Add the IPv6 loopback address to the default internalProxies regular expression. Patch by Craig Andrews. This closes #111
Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/config/filter.xml tomcat/trunk/webapps/docs/config/valve.xml Modified: tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java?rev=1832707&r1=1832706&r2=1832707&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java (original) +++ tomcat/trunk/java/org/apache/catalina/filters/RemoteIpFilter.java Fri Jun 1 16:51:48 2018 @@ -113,9 +113,10 @@ import org.apache.juli.logging.LogFactor * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}| * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}| * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}| - * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} + * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}| + * 0:0:0:0:0:0:0:1 * <br> - * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed.</td> + * By default, 10/8, 192.168/16, 169.254/16, 127/8, 172.16/12, and 0:0:0:0:0:0:0:1 are allowed.</td> * </tr> * <tr> * <td>proxiesHeader</td> @@ -724,7 +725,8 @@ public class RemoteIpFilter extends Gene "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + - "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}"); + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" + + "0:0:0:0:0:0:0:1"); /** * @see #setProtocolHeader(String) @@ -1041,7 +1043,7 @@ public class RemoteIpFilter extends Gene * Regular expression that defines the internal proxies. * </p> * <p> - * Default value : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254.\d{1,3}.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3} + * Default value : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254.\d{1,3}.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|0:0:0:0:0:0:0:1 * </p> * @param internalProxies The regexp */ Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1832707&r1=1832706&r2=1832707&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java (original) +++ tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java Fri Jun 1 16:51:48 2018 @@ -92,9 +92,10 @@ import org.apache.tomcat.util.http.MimeH * <td>10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}| * 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}| * 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}| - * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} + * 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}| + * 0:0:0:0:0:0:0:1 * <br> - * By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed.</td> + * By default, 10/8, 192.168/16, 169.254/16, 127/8, 172.16/12, and ::1 are allowed.</td> * </tr> * <tr> * <td>proxiesHeader</td> @@ -412,7 +413,8 @@ public class RemoteIpValve extends Valve "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" + - "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}"); + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" + + "0:0:0:0:0:0:0:1"); /** * @see #setProtocolHeader(String) @@ -754,7 +756,7 @@ public class RemoteIpValve extends Valve * Regular expression that defines the internal proxies. * </p> * <p> - * Default value : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254.\d{1,3}.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3} + * Default value : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254.\d{1,3}.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|0:0:0:0:0:0:0:1 * </p> * @param internalProxies The proxy regular expression */ Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1832707&r1=1832706&r2=1832707&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Fri Jun 1 16:51:48 2018 @@ -132,6 +132,11 @@ becoming associated with a web application class loader causing log messages to be lost if the web application is stopped. (markt) </fix> + <add> + <bug>62389</bug>: Add the IPv6 loopback address to the default + <code>internalProxies</code> regular expression. Patch by Craig Andrews. + (markt) + </add> </changelog> </subsection> <subsection name="Coyote"> Modified: tomcat/trunk/webapps/docs/config/filter.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1832707&r1=1832706&r2=1832707&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/filter.xml (original) +++ tomcat/trunk/webapps/docs/config/filter.xml Fri Jun 1 16:51:48 2018 @@ -1554,7 +1554,7 @@ FINE: Request "/docs/config/manager.html Internal proxies that appear in the <strong>remoteIpHeader</strong> will be trusted and will not appear in the <strong>proxiesHeader</strong> value. If not specified the default value of <code> - 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} + 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}|0:0:0:0:0:0:0:1 </code> will be used.</p> </attribute> Modified: tomcat/trunk/webapps/docs/config/valve.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1832707&r1=1832706&r2=1832707&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/valve.xml (original) +++ tomcat/trunk/webapps/docs/config/valve.xml Fri Jun 1 16:51:48 2018 @@ -964,7 +964,7 @@ Internal proxies that appear in the <strong>remoteIpHeader</strong> will be trusted and will not appear in the <strong>proxiesHeader</strong> value. If not specified the default value of <code> - 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} + 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}|0:0:0:0:0:0:0:1 </code> will be used.</p> </attribute> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org