/* * Copyright 2009 Xebia and the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package fr.xebia.servlet.filter; import java.io.IOException; import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.Date; import java.util.Enumeration; import java.util.HashMap; import java.util.Iterator; import java.util.LinkedList; import java.util.List; import java.util.Locale; import java.util.Map; import java.util.regex.Pattern; import java.util.regex.PatternSyntaxException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** *

* Servlet filter to integrate "X-Forwarded-For" and "X-Forwarded-Proto" HTTP headers. *

*

* Most of the design of this Servlet Filter is a port of mod_remoteip, this servlet filter replaces the apparent client remote * IP address and hostname for the request with the IP address list presented by a proxy or a load balancer via a request headers (e.g. * "X-Forwarded-For"). *

*

* Another feature of this servlet filter is to replace the apparent scheme (http/https) and server port with the scheme presented by a * proxy or a load balancer via a request header (e.g. "X-Forwarded-Proto"). *

*

* This servlet filter proceeds as follows: *

*

* If the incoming request.getRemoteAddr() matches the servlet filter's list of internal proxies : *

*

*

* Configuration parameters: * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
XForwardedFilter propertyDescriptionEquivalent mod_remoteip directiveFormatDefault Value
remoteIPHeaderName of the Http Header read by this servlet filter that holds the list of traversed IP addresses starting from the requesting client * RemoteIPHeaderCompliant http header namex-forwarded-for
allowedInternalProxiesList of internal proxies ip adress. If they appear in the remoteIpHeader value, they will be trusted and will not appear * in the proxiesHeader valueRemoteIPInternalProxyComma delimited list of regular expressions (in the syntax supported by the {@link java.util.regex.Pattern} library)10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, 172\\.(?:1[6-9]|2\\d|3[0-1]).\\d{1,3}.\\d{1,3}, * 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3}
* By default, 10/8, 192.168/16, 172.16/12, 169.254/16 and 127/8 are allowed
proxiesHeaderName of the http header created by this servlet filter to hold the list of proxies that have been processed in the incoming * remoteIPHeaderRemoteIPProxiesHeaderCompliant http header namex-forwarded-by
trustedProxiesList of trusted proxies ip adress. If they appear in the remoteIpHeader value, they will be trusted and will appear in * the proxiesHeader valueRemoteIPTrustedProxyComma delimited list of regular expressions (in the syntax supported by the {@link java.util.regex.Pattern} library) 
protocolHeaderName of the http header read by this servlet filter that holds the flag that this requestN/ACompliant http header name like X-Forwarded-Proto, X-Forwarded-Ssl or Front-End-Httpsnull
protocolHeaderHttpsValueValue of the protocolHeader to indicate that it is an Https requestN/AString like https or ONhttps
*

*

*

* Regular expression vs. IP address blocks: mod_remoteip allows to use address blocks (e.g. * 192.168/16) to configure RemoteIPInternalProxy and RemoteIPTrustedProxy ; as the JVM doesnt have a * library similar to apr_ipsubnet_test. *

*
*

* Sample with internal proxies *

*

* XForwardedFilter configuration: *

* 
 * <filter>
 *    <filter-name>XForwardedFilter</filter-name>
 *    <filter-class>fr.xebia.servlet.filter.XForwardedFilter</filter-class>
 *    <init-param>
 *       <param-name>allowedInternalProxies</param-name><param-value>192\.168\.0\.10, 192\.168\.0\.11</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>remoteIPHeader</param-name><param-value>x-forwarded-for</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>remoteIPProxiesHeader</param-name><param-value>x-forwarded-by</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>protocolHeader</param-name><param-value>x-forwarded-proto</param-value>
 *    </init-param>
 * </filter>
 * 
 * <filter-mapping>
 *    <filter-name>XForwardedFilter</filter-name>
 *    <url-pattern>/*</url-pattern>
 *    <dispatcher>REQUEST</dispatcher>
 * </filter-mapping>
 *

* Request values: * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
propertyValue Before XForwardedFilterValue After XForwardedFilter
request.remoteAddr192.168.0.10140.211.11.130
request.header['x-forwarded-for']140.211.11.130, 192.168.0.10null
request.header['x-forwarded-by']nullnull
request.header['x-forwarded-proto']httpshttps
request.schemehttphttps
request.securefalsetrue
request.serverPort80443
* Note : x-forwarded-by header is null because only internal proxies as been traversed by the request. * x-forwarded-by is null because all the proxies are trusted or internal. *

*
*

* Sample with trusted proxies *

*

* XForwardedFilter configuration: *

* 
 * <filter>
 *    <filter-name>XForwardedFilter</filter-name>
 *    <filter-class>fr.xebia.servlet.filter.XForwardedFilter</filter-class>
 *    <init-param>
 *       <param-name>allowedInternalProxies</param-name><param-value>192\.168\.0\.10, 192\.168\.0\.11</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>remoteIPHeader</param-name><param-value>x-forwarded-for</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>remoteIPProxiesHeader</param-name><param-value>x-forwarded-by</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>trustedProxies</param-name><param-value>proxy1, proxy2</param-value>
 *    </init-param>
 * </filter>
 * 
 * <filter-mapping>
 *    <filter-name>XForwardedFilter</filter-name>
 *    <url-pattern>/*</url-pattern>
 *    <dispatcher>REQUEST</dispatcher>
 * </filter-mapping>
 *

* Request values: * * * * * * * * * * * * * * * * * * * * * *
propertyValue Before XForwardedFilterValue After XForwardedFilter
request.remoteAddr192.168.0.10140.211.11.130
request.header['x-forwarded-for']140.211.11.130, proxy1, proxy2null
request.header['x-forwarded-by']nullproxy1, proxy2
* Note : proxy1 and proxy2 are both trusted proxies that come in x-forwarded-for header, they both * are migrated in x-forwarded-by header. x-forwarded-by is null because all the proxies are trusted or internal. *

*
*

* Sample with internal and trusted proxies *

*

* XForwardedFilter configuration: *

* 
 * <filter>
 *    <filter-name>XForwardedFilter</filter-name>
 *    <filter-class>fr.xebia.servlet.filter.XForwardedFilter</filter-class>
 *    <init-param>
 *       <param-name>allowedInternalProxies</param-name><param-value>192\.168\.0\.10, 192\.168\.0\.11</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>remoteIPHeader</param-name><param-value>x-forwarded-for</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>remoteIPProxiesHeader</param-name><param-value>x-forwarded-by</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>trustedProxies</param-name><param-value>proxy1, proxy2</param-value>
 *    </init-param>
 * </filter>
 * 
 * <filter-mapping>
 *    <filter-name>XForwardedFilter</filter-name>
 *    <url-pattern>/*</url-pattern>
 *    <dispatcher>REQUEST</dispatcher>
 * </filter-mapping>
 *

* Request values: * * * * * * * * * * * * * * * * * * * * * *
propertyValue Before XForwardedFilterValue After XForwardedFilter
request.remoteAddr192.168.0.10140.211.11.130
request.header['x-forwarded-for']140.211.11.130, proxy1, proxy2, 192.168.0.10null
request.header['x-forwarded-by']nullproxy1, proxy2
* Note : proxy1 and proxy2 are both trusted proxies that come in x-forwarded-for header, they both * are migrated in x-forwarded-by header. As 192.168.0.10 is an internal proxy, it does not appear in * x-forwarded-by. x-forwarded-by is null because all the proxies are trusted or internal. *

*
*

* Sample with an untrusted proxy *

*

* XForwardedFilter configuration: *

* 
 * <filter>
 *    <filter-name>XForwardedFilter</filter-name>
 *    <filter-class>fr.xebia.servlet.filter.XForwardedFilter</filter-class>
 *    <init-param>
 *       <param-name>allowedInternalProxies</param-name><param-value>192\.168\.0\.10, 192\.168\.0\.11</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>remoteIPHeader</param-name><param-value>x-forwarded-for</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>remoteIPProxiesHeader</param-name><param-value>x-forwarded-by</param-value>
 *    </init-param>
 *    <init-param>
 *       <param-name>trustedProxies</param-name><param-value>proxy1, proxy2</param-value>
 *    </init-param>
 * </filter>
 * 
 * <filter-mapping>
 *    <filter-name>XForwardedFilter</filter-name>
 *    <url-pattern>/*</url-pattern>
 *    <dispatcher>REQUEST</dispatcher>
 * </filter-mapping>
 *

* Request values: * * * * * * * * * * * * * * * * * * * * * *
propertyValue Before XForwardedFilterValue After XForwardedFilter
request.remoteAddr192.168.0.10untrusted-proxy
request.header['x-forwarded-for']140.211.11.130, untrusted-proxy, proxy1140.211.11.130
request.header['x-forwarded-by']nullproxy1
* Note : x-forwarded-by holds the trusted proxy proxy1. x-forwarded-by holds * 140.211.11.130 because untrusted-proxy is not trusted and thus, we can not trust that * untrusted-proxy is the actual remote ip. request.remoteAddr is untrusted-proxy that is an IP * verified by proxy1. *

*
*/ public class XForwardedFilter implements Filter { public static class XForwardedRequest extends HttpServletRequestWrapper { final static ThreadLocal threadLocalDateFormats = new ThreadLocal() { protected SimpleDateFormat[] initialValue() { return new SimpleDateFormat[] { new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US), new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US), new SimpleDateFormat("EEE MMMM d HH:mm:ss yyyy", Locale.US) }; }; }; protected Map> headers; protected String remoteAddr; protected String remoteHost; protected String scheme; protected boolean secure; protected int serverPort; @SuppressWarnings("unchecked") public XForwardedRequest(HttpServletRequest request) { super(request); this.remoteAddr = request.getRemoteAddr(); this.remoteHost = request.getRemoteHost(); this.scheme = request.getScheme(); this.secure = request.isSecure(); this.serverPort = request.getServerPort(); headers = new HashMap>(); for (Enumeration headerNames = request.getHeaderNames(); headerNames.hasMoreElements();) { String header = headerNames.nextElement(); headers.put(header, Collections.list(request.getHeaders(header))); } } @Override public long getDateHeader(String name) { String value = getHeader(name); if (value == null) { return -1; } DateFormat[] dateFormats = threadLocalDateFormats.get(); Date date = null; for (int i = 0; ((i < dateFormats.length) && (date == null)); i++) { DateFormat dateFormat = dateFormats[i]; try { date = dateFormat.parse(value); } catch (Exception ParseException) { ; } } if (date == null) { throw new IllegalArgumentException(value); } else { return date.getTime(); } } @Override public String getHeader(String name) { Map.Entry> header = getHeaderEntry(name); if (header == null || header.getValue() == null || header.getValue().isEmpty()) { return null; } else { return header.getValue().get(0); } } protected Map.Entry> getHeaderEntry(String name) { for (Map.Entry> entry : headers.entrySet()) { if (entry.getKey().equalsIgnoreCase(name)) { return entry; } } return null; } @Override public Enumeration getHeaderNames() { return Collections.enumeration(headers.keySet()); } @Override public Enumeration getHeaders(String name) { Map.Entry> header = getHeaderEntry(name); if (header == null || header.getValue() == null) { return Collections.enumeration(Collections.emptyList()); } else { return Collections.enumeration(header.getValue()); } } @Override public int getIntHeader(String name) { String value = getHeader(name); if (value == null) { return -1; } else { return Integer.parseInt(value); } } @Override public String getRemoteAddr() { return this.remoteAddr; } @Override public String getRemoteHost() { return this.remoteHost; } public String getScheme() { return scheme; } public int getServerPort() { return serverPort; } public boolean isSecure() { return secure; } public void removeHeader(String name) { Map.Entry> header = getHeaderEntry(name); if (header != null) { headers.remove(header.getKey()); } } public void setHeader(String name, String value) { List values = Arrays.asList(value); Map.Entry> header = getHeaderEntry(name); if (header == null) { headers.put(name, values); } else { header.setValue(values); } } public void setRemoteAddr(String remoteAddr) { this.remoteAddr = remoteAddr; } public void setRemoteHost(String remoteHost) { this.remoteHost = remoteHost; } public void setScheme(String scheme) { this.scheme = scheme; } public void setSecure(boolean secure) { this.secure = secure; } public void setServerPort(int serverPort) { this.serverPort = serverPort; } } /** * {@link Pattern} for a comma delimited string that support whitespace characters */ private static final Pattern commaSeparatedValuesPattern = Pattern.compile("\\s*,\\s*"); protected static final String HTTP_SERVER_PORT_PARAMETER = "httpServerPort"; protected static final String HTTPS_SERVER_PORT_PARAMETER = "httpsServerPort"; protected static final String INTERNAL_PROXIES_PARAMETER = "allowedInternalProxies"; /** * Logger */ private static final Logger logger = LoggerFactory.getLogger(XForwardedFilter.class); protected static final String PROTOCOL_HEADER_PARAMETER = "protocolHeader"; protected static final String PROTOCOL_HEADER_SSL_VALUE_PARAMETER = "protocolHeaderSslValue"; protected static final String PROXIES_HEADER_PARAMETER = "proxiesHeader"; protected static final String REMOTE_IP_HEADER_PARAMETER = "remoteIPHeader"; protected static final String TRUSTED_PROXIES_PARAMETER = "trustedProxies"; /** * Convert a given comma delimited list of regular expressions into an array of compiled {@link Pattern} * * @return array of patterns (not null) */ protected static Pattern[] commaDelimitedListToPatternArray(String commaDelimitedPatterns) { String[] patterns = commaDelimitedListToStringArray(commaDelimitedPatterns); List patternsList = new ArrayList(); for (String pattern : patterns) { try { patternsList.add(Pattern.compile(pattern)); } catch (PatternSyntaxException e) { throw new IllegalArgumentException("Illegal pattern syntax '" + pattern + "'", e); } } return patternsList.toArray(new Pattern[0]); } /** * Convert a given comma delimited list of regular expressions into an array of String * * @return array of patterns (non null) */ protected static String[] commaDelimitedListToStringArray(String commaDelimitedStrings) { return (commaDelimitedStrings == null || commaDelimitedStrings.length() == 0) ? new String[0] : commaSeparatedValuesPattern .split(commaDelimitedStrings); } /** * Convert an array of strings in a comma delimited string */ protected static String listToCommaDelimitedString(List stringList) { if (stringList == null) { return ""; } StringBuilder result = new StringBuilder(); for (Iterator it = stringList.iterator(); it.hasNext();) { Object element = it.next(); if (element != null) { result.append(element); if (it.hasNext()) { result.append(", "); } } } return result.toString(); } /** * Return true if the given str matches at least one of the given patterns. */ protected static boolean matchesOne(String str, Pattern... patterns) { for (Pattern pattern : patterns) { if (pattern.matcher(str).matches()) { return true; } } return false; } /** * @see #setHttpServerPort(int) */ private int httpServerPort = 80; /** * @see #setHttpsServerPort(int) */ private int httpsServerPort = 443; /** * @see #setInternalProxies(String) */ private Pattern[] allowedInternalProxies = new Pattern[] { Pattern.compile("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"), Pattern.compile("192\\.168\\.\\d{1,3}\\.\\d{1,3}"), Pattern.compile("172\\.(?:1[6-9]|2\\d|3[0-1]).\\d{1,3}.\\d{1,3}"), Pattern.compile("169\\.254\\.\\d{1,3}\\.\\d{1,3}"), Pattern.compile("127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}") }; /** * @see #setProtocolHeader(String) */ private String protocolHeader = null; private String protocolHeaderSslValue = "https"; /** * @see #setProxiesHeader(String) */ private String proxiesHeader = "X-Forwarded-By"; /** * @see #setRemoteIPHeader(String) */ private String remoteIPHeader = "X-Forwarded-For"; /** * @see #setTrustedProxies(String) */ private Pattern[] trustedProxies = new Pattern[0]; public void destroy() { } public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { if (matchesOne(request.getRemoteAddr(), allowedInternalProxies)) { String remoteIp = null; // In java 6, proxiesHeaderValue should be declared as a java.util.Deque LinkedList proxiesHeaderValue = new LinkedList(); String[] remoteIPHeaderValue = commaDelimitedListToStringArray(request.getHeader(remoteIPHeader)); int idx; // loop on remoteIPHeaderValue to find the first trusted remote ip and to build the proxies chain for (idx = remoteIPHeaderValue.length - 1; idx >= 0; idx--) { String currentRemoteIp = remoteIPHeaderValue[idx]; remoteIp = currentRemoteIp; if (matchesOne(currentRemoteIp, allowedInternalProxies)) { // do nothing, allowedInternalProxies IPs are not appended to the } else if (matchesOne(currentRemoteIp, trustedProxies)) { proxiesHeaderValue.addFirst(currentRemoteIp); } else { idx--; // decrement idx because break statement doesn't do it break; } } // continue to loop on remoteIPHeaderValue to build the new value of the remoteIPHeader LinkedList newRemoteIpHeaderValue = new LinkedList(); for (; idx >= 0; idx--) { String currentRemoteIp = remoteIPHeaderValue[idx]; newRemoteIpHeaderValue.addFirst(currentRemoteIp); } XForwardedRequest xRequest = new XForwardedRequest(request); if (remoteIp != null) { xRequest.setRemoteAddr(remoteIp); xRequest.setRemoteHost(remoteIp); if (proxiesHeaderValue.size() == 0) { xRequest.removeHeader(proxiesHeader); } else { String commaDelimitedListOfProxies = listToCommaDelimitedString(proxiesHeaderValue); xRequest.setHeader(proxiesHeader, commaDelimitedListOfProxies); } if (newRemoteIpHeaderValue.size() == 0) { xRequest.removeHeader(remoteIPHeader); } else { String commaDelimitedRemoteIpHeaderValue = listToCommaDelimitedString(newRemoteIpHeaderValue); xRequest.setHeader(remoteIPHeader, commaDelimitedRemoteIpHeaderValue); } } if (protocolHeader != null) { String protocolHeaderValue = request.getHeader(protocolHeader); if (protocolHeaderValue == null) { // don't modify the secure,scheme and serverPort attributes of the request } else if (protocolHeaderSslValue.equalsIgnoreCase(protocolHeaderValue)) { xRequest.setSecure(true); xRequest.setScheme("https"); xRequest.setServerPort(httpsServerPort); } else { xRequest.setSecure(false); xRequest.setScheme("http"); xRequest.setServerPort(httpServerPort); } } if (logger.isDebugEnabled()) { logger.debug("Incoming request " + request.getRequestURI() + " with originalRemoteAddr '" + request.getRemoteAddr() + "', originalRemoteHost='" + request.getRemoteHost() + "', originalSecure='" + request.isSecure() + "', originalScheme='" + request.getScheme() + "', original[" + remoteIPHeader + "]='" + request.getHeader(remoteIPHeader) + ", original[" + protocolHeader + "]='" + (protocolHeader == null ? null : request.getHeader(protocolHeader)) + "' will be seen as newRemoteAddr='" + xRequest.getRemoteAddr() + "', newRemoteHost='" + xRequest.getRemoteHost() + "', newScheme='" + xRequest.getScheme() + "', newSecure='" + xRequest.isSecure() + "', new[" + remoteIPHeader + "]='" + xRequest.getHeader(remoteIPHeader) + ", new[" + proxiesHeader + "]='" + xRequest.getHeader(proxiesHeader) + "'"); } chain.doFilter(xRequest, response); } else { chain.doFilter(request, response); } } /** * Wrap the incoming request in a {@link XForwardedRequest} if the http header x-forwareded-for is not empty. */ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (request instanceof HttpServletRequest && response instanceof HttpServletResponse) { doFilter((HttpServletRequest)request, (HttpServletResponse)response, chain); } else { chain.doFilter(request, response); } } public int getHttpsServerPort() { return httpsServerPort; } public Pattern[] getInternalProxies() { return allowedInternalProxies; } public String getProtocolHeader() { return protocolHeader; } public String getProtocolHeaderSslValue() { return protocolHeaderSslValue; } public String getProxiesHeader() { return proxiesHeader; } public String getRemoteIPHeader() { return remoteIPHeader; } public Pattern[] getTrustedProxies() { return trustedProxies; } public void init(FilterConfig filterConfig) throws ServletException { if (filterConfig.getInitParameter(INTERNAL_PROXIES_PARAMETER) != null) { setAllowedInternalProxies(filterConfig.getInitParameter(INTERNAL_PROXIES_PARAMETER)); } if (filterConfig.getInitParameter(PROTOCOL_HEADER_PARAMETER) != null) { setProtocolHeader(filterConfig.getInitParameter(PROTOCOL_HEADER_PARAMETER)); } if (filterConfig.getInitParameter(PROTOCOL_HEADER_SSL_VALUE_PARAMETER) != null) { setProtocolHeaderSslValue(filterConfig.getInitParameter(PROTOCOL_HEADER_SSL_VALUE_PARAMETER)); } if (filterConfig.getInitParameter(PROXIES_HEADER_PARAMETER) != null) { setProxiesHeader(filterConfig.getInitParameter(PROXIES_HEADER_PARAMETER)); } if (filterConfig.getInitParameter(REMOTE_IP_HEADER_PARAMETER) != null) { setRemoteIPHeader(filterConfig.getInitParameter(REMOTE_IP_HEADER_PARAMETER)); } if (filterConfig.getInitParameter(TRUSTED_PROXIES_PARAMETER) != null) { setTrustedProxies(filterConfig.getInitParameter(TRUSTED_PROXIES_PARAMETER)); } if (filterConfig.getInitParameter(HTTP_SERVER_PORT_PARAMETER) != null) { try { setHttpServerPort(Integer.parseInt(filterConfig.getInitParameter(HTTP_SERVER_PORT_PARAMETER))); } catch (NumberFormatException e) { throw new NumberFormatException("Illegal " + HTTP_SERVER_PORT_PARAMETER + " : " + e.getMessage()); } } if (filterConfig.getInitParameter(HTTPS_SERVER_PORT_PARAMETER) != null) { try { setHttpsServerPort(Integer.parseInt(filterConfig.getInitParameter(HTTPS_SERVER_PORT_PARAMETER))); } catch (NumberFormatException e) { throw new NumberFormatException("Illegal " + HTTPS_SERVER_PORT_PARAMETER + " : " + e.getMessage()); } } } /** *

* Comma delimited list of internal proxies. Expressed with regular expressions. *

*

* Default value : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}, 192\.168\.\d{1,3}\.\d{1,3}, 172\\.(?:1[6-9]|2\\d|3[0-1]).\\d{1,3}.\\d{1,3}, * 169\.254\.\d{1,3}\.\d{1,3}, 127\.\d{1,3}\.\d{1,3}\.\d{1,3} *

*/ public void setAllowedInternalProxies(String allowedInternalProxies) { this.allowedInternalProxies = commaDelimitedListToPatternArray(allowedInternalProxies); } /** *

* Server Port value if the {@link #protocolHeader} does not indicate HTTPS *

*

* Default value : 80 *

*/ public void setHttpServerPort(int httpServerPort) { this.httpServerPort = httpServerPort; } /** *

* Server Port value if the {@link #protocolHeader} indicates HTTPS *

*

* Default value : 443 *

*/ public void setHttpsServerPort(int httpsServerPort) { this.httpsServerPort = httpsServerPort; } /** *

* Header that holds the incoming protocol, usally named X-Forwarded-Proto. If null, request.scheme and * request.secure will not be modified. *

*

* Default value : null *

*/ public void setProtocolHeader(String protocolHeader) { this.protocolHeader = protocolHeader; } /** *

* Case insensitive value of the protocol header to indicate that the incoming http request uses SSL. *

*

* Default value : HTTPS *

*/ public void setProtocolHeaderSslValue(String protocolHeaderSslValue) { this.protocolHeaderSslValue = protocolHeaderSslValue; } /** *

* The proxiesHeader directive specifies a header into which mod_remoteip will collect a list of all of the intermediate client IP * addresses trusted to resolve the actual remote IP. Note that intermediate RemoteIPTrustedProxy addresses are recorded in this header, * while any intermediate RemoteIPInternalProxy addresses are discarded. *

*

* Name of the http header that holds the list of trusted proxies that has been traversed by the http request. *

*

* The value of this header can be comma delimited. *

*

* Default value : X-Forwarded-By *

*/ public void setProxiesHeader(String proxiesHeader) { this.proxiesHeader = proxiesHeader; } /** *

* Name of the http header from which the remote ip is extracted. *

*

* The value of this header can be comma delimited. *

*

* Default value : X-Forwarded-For *

*/ public void setRemoteIPHeader(String remoteIPHeader) { this.remoteIPHeader = remoteIPHeader; } /** *

* Comma delimited list of proxies that are trusted when they appear in the {@link #remoteIPHeader} header. Can be expressed as a * regular expression. *

*

* Default value : empty list, no external proxy is trusted. *

*/ public void setTrustedProxies(String trustedProxies) { this.trustedProxies = commaDelimitedListToPatternArray(trustedProxies); } }