On Tue, Sep 25, 2012 at 2:10 AM, Benjamin Steinert
<[email protected]> wrote:
> Hi everyone,
>
> I need you input regarding the Wicket WebClientInfo implementation of
> getRemoteAddr() (extracted from Wicket 1.5.3 but I think it did not
> change in release 6):
>
> ...
> String remoteAddr = request.getHeader("X-Forwarded-For");
> if (remoteAddr == null)
> {
> remoteAddr = req.getRemoteAddr();
> }
> else
> {
> if (remoteAddr.contains(","))
> {
> // we just want the client
> remoteAddr = remoteAddr.split(",")[0].trim();
> }
> }
> return remoteAddr;
>
> I am facing the problem that we get the String "unknown" set by some
> Proxy in the Forwarded-For field.
> According to the IETF draft this is in fact a valid value:
> http://tools.ietf.org/html/draft-petersson-forwarded-for-02#section-6
>
> Now unfortunately the the simple null check prevents falling back to the
> Servlet request based getRemoteAddr which would be more helpful than
> having a String that is no IP Address.
how is an ip address of some proxy in your data center more useful? i
dont think an external proxy would set such a header....
-igor
>
> I would suggest something like
> if (remoteAddr == null ||
> !InetAddressValidator.getInstance().isValid(remoteAddr))
> { ... }
>
> to ensure that the given value is an IP. What would you say? Bug,
> Feature or simply unnecessary? ;)
>
> Cheers
> Ben
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
