Hi everyone,
I need you input regarding the Wicket WebClientInfo implementation of
getRemoteAddr() (extracted from Wicket 1.5.3 but I think it did not
change in release 6):
...
String remoteAddr = request.getHeader("X-Forwarded-For");
if (remoteAddr == null)
{
remoteAddr = req.getRemoteAddr();
}
else
{
if (remoteAddr.contains(","))
{
// we just want the client
remoteAddr = remoteAddr.split(",")[0].trim();
}
}
return remoteAddr;
I am facing the problem that we get the String "unknown" set by some
Proxy in the Forwarded-For field.
According to the IETF draft this is in fact a valid value:
http://tools.ietf.org/html/draft-petersson-forwarded-for-02#section-6
Now unfortunately the the simple null check prevents falling back to the
Servlet request based getRemoteAddr which would be more helpful than
having a String that is no IP Address.
I would suggest something like
if (remoteAddr == null ||
!InetAddressValidator.getInstance().isValid(remoteAddr))
{ ... }
to ensure that the given value is an IP. What would you say? Bug,
Feature or simply unnecessary? ;)
Cheers
Ben
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
