public class RemoteIpFilter extends Object implements Filter
Servlet filter to integrate "X-Forwarded-For" and "X-Forwarded-Proto" HTTP headers.
Most of the design of this Servlet Filter is a port of mod_remoteip, this servlet filter replaces the apparent client remote IP address and hostname for the request with the IP address list presented by a proxy or a load balancer via a request headers (e.g. "X-Forwarded-For").
Another feature of this servlet filter is to replace the apparent scheme (http/https) and server port with the scheme presented by a proxy or a load balancer via a request header (e.g. "X-Forwarded-Proto").
This servlet filter proceeds as follows:
If the incoming request.getRemoteAddr() matches the servlet
filter's list of internal or trusted proxies:
$remoteIpHeader (default value x-forwarded-for). Values are processed in right-to-left order.$protocolHeader (e.g. x-forwarded-proto) consists only of forwards that match
protocolHeaderHttpsValue configuration parameter (default https) then request.isSecure = true,
request.scheme = https and request.serverPort = 443. Note that 443 can be overwritten with the
$httpsServerPort configuration parameter.Globals.REQUEST_FORWARDED_ATTRIBUTE and value Boolean.TRUE to indicate
that this request has been forwarded by one or more proxies.| XForwardedFilter property | Description | Equivalent mod_remoteip directive | Format | Default Value |
|---|---|---|---|---|
| remoteIpHeader | Name of the Http Header read by this servlet filter that holds the list of traversed IP addresses starting from the requesting client | RemoteIPHeader | Compliant http header name | x-forwarded-for |
| internalProxies | Regular expression that matches the IP addresses of internal proxies.
If they appear in the remoteIpHeader value, they will be
trusted and will not appear
in the proxiesHeader value |
RemoteIPInternalProxy | Regular expression (in the syntax supported by
java.util.regex) |
10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|
169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|
0:0:0:0:0:0:0:1|::1
By default, 10/8, 192.168/16, 169.254/16, 127/8 and 0:0:0:0:0:0:0:1 are allowed. |
| proxiesHeader | Name of the http header created by this servlet filter to hold the list of proxies that have been processed in the incoming
remoteIpHeader |
RemoteIPProxiesHeader | Compliant http header name | x-forwarded-by |
| trustedProxies | Regular expression that matches the IP addresses of trusted proxies.
If they appear in the remoteIpHeader value, they will be
trusted and will appear in the proxiesHeader value |
RemoteIPTrustedProxy | Regular expression (in the syntax supported by
java.util.regex) |
|
| protocolHeader | Name of the http header read by this servlet filter that holds the flag that this request | N/A | Compliant http header name like X-Forwarded-Proto, X-Forwarded-Ssl or Front-End-Https |
null |
| protocolHeaderHttpsValue | Value of the protocolHeader to indicate that it is an Https request |
N/A | String like https or ON |
https |
| httpServerPort | Value returned by ServletRequest.getServerPort() when the protocolHeader indicates http protocol |
N/A | integer | 80 |
| httpsServerPort | Value returned by ServletRequest.getServerPort() when the protocolHeader indicates https protocol |
N/A | integer | 443 |
| enableLookups | Should a DNS lookup be performed to provide a host name when calling ServletRequest.getRemoteHost() |
N/A | boolean | false |
Regular expression vs. IP address blocks: mod_remoteip allows to use address blocks (e.g.
192.168/16) to configure RemoteIPInternalProxy and RemoteIPTrustedProxy ; as the JVM doesn't have a
library similar to apr_ipsubnet_test, we rely on
regular expressions.
Sample with internal proxies
XForwardedFilter configuration:
<filter>
<filter-name>RemoteIpFilter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
<init-param>
<param-name>internalProxies</param-name>
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value>
</init-param>
<init-param>
<param-name>remoteIpHeader</param-name>
<param-value>x-forwarded-for</param-value>
</init-param>
<init-param>
<param-name>remoteIpProxiesHeader</param-name>
<param-value>x-forwarded-by</param-value>
</init-param>
<init-param>
<param-name>protocolHeader</param-name>
<param-value>x-forwarded-proto</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>RemoteIpFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
| property | Value Before RemoteIpFilter | Value After RemoteIpFilter |
|---|---|---|
| request.remoteAddr | 192.168.0.10 | 140.211.11.130 |
| request.header['x-forwarded-for'] | 140.211.11.130, 192.168.0.10 | null |
| request.header['x-forwarded-by'] | null | null |
| request.header['x-forwarded-proto'] | https | https |
| request.scheme | http | https |
| request.secure | false | true |
| request.serverPort | 80 | 443 |
x-forwarded-by header is null because only internal proxies as been traversed by the request.
x-forwarded-by is null because all the proxies are trusted or internal.
Sample with trusted proxies
RemoteIpFilter configuration:
<filter>
<filter-name>RemoteIpFilter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
<init-param>
<param-name>internalProxies</param-name>
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value>
</init-param>
<init-param>
<param-name>remoteIpHeader</param-name>
<param-value>x-forwarded-for</param-value>
</init-param>
<init-param>
<param-name>remoteIpProxiesHeader</param-name>
<param-value>x-forwarded-by</param-value>
</init-param>
<init-param>
<param-name>trustedProxies</param-name>
<param-value>proxy1|proxy2</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>RemoteIpFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
| property | Value Before RemoteIpFilter | Value After RemoteIpFilter |
|---|---|---|
| request.remoteAddr | 192.168.0.10 | 140.211.11.130 |
| request.header['x-forwarded-for'] | 140.211.11.130, proxy1, proxy2 | null |
| request.header['x-forwarded-by'] | null | proxy1, proxy2 |
Note : proxy1 and proxy2 are both trusted proxies that come in x-forwarded-for header, they both
are migrated in x-forwarded-by header. x-forwarded-by is null because all the proxies are trusted or internal.
Sample with internal and trusted proxies
RemoteIpFilter configuration:
<filter>
<filter-name>RemoteIpFilter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
<init-param>
<param-name>internalProxies</param-name>
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value>
</init-param>
<init-param>
<param-name>remoteIpHeader</param-name>
<param-value>x-forwarded-for</param-value>
</init-param>
<init-param>
<param-name>remoteIpProxiesHeader</param-name>
<param-value>x-forwarded-by</param-value>
</init-param>
<init-param>
<param-name>trustedProxies</param-name>
<param-value>proxy1|proxy2</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>RemoteIpFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
| property | Value Before RemoteIpFilter | Value After RemoteIpFilter |
|---|---|---|
| request.remoteAddr | 192.168.0.10 | 140.211.11.130 |
| request.header['x-forwarded-for'] | 140.211.11.130, proxy1, proxy2, 192.168.0.10 | null |
| request.header['x-forwarded-by'] | null | proxy1, proxy2 |
Note : proxy1 and proxy2 are both trusted proxies that come in x-forwarded-for header, they both
are migrated in x-forwarded-by header. As 192.168.0.10 is an internal proxy, it does not appear in
x-forwarded-by. x-forwarded-by is null because all the proxies are trusted or internal.
Sample with an untrusted proxy
RemoteIpFilter configuration:
<filter>
<filter-name>RemoteIpFilter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
<init-param>
<param-name>internalProxies</param-name>
<param-value>192\.168\.0\.10|192\.168\.0\.11</param-value>
</init-param>
<init-param>
<param-name>remoteIpHeader</param-name>
<param-value>x-forwarded-for</param-value>
</init-param>
<init-param>
<param-name>remoteIpProxiesHeader</param-name>
<param-value>x-forwarded-by</param-value>
</init-param>
<init-param>
<param-name>trustedProxies</param-name>
<param-value>proxy1|proxy2</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>RemoteIpFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
| property | Value Before RemoteIpFilter | Value After RemoteIpFilter |
|---|---|---|
| request.remoteAddr | 192.168.0.10 | untrusted-proxy |
| request.header['x-forwarded-for'] | 140.211.11.130, untrusted-proxy, proxy1 | 140.211.11.130 |
| request.header['x-forwarded-by'] | null | proxy1 |
Note : x-forwarded-by holds the trusted proxy proxy1. x-forwarded-by holds
140.211.11.130 because untrusted-proxy is not trusted and thus, we cannot trust that
untrusted-proxy is the actual remote ip. request.remoteAddr is untrusted-proxy that is an IP
verified by proxy1.
| Modifier and Type | Class and Description |
|---|---|
static class |
RemoteIpFilter.XForwardedRequest |
| Modifier and Type | Field and Description |
|---|---|
protected static String |
CHANGE_LOCAL_NAME_PARAMETER |
protected static String |
CHANGE_LOCAL_PORT_PARAMETER |
protected static String |
ENABLE_LOOKUPS_PARAMETER |
protected static String |
HOST_HEADER_PARAMETER |
protected static String |
HTTP_SERVER_PORT_PARAMETER |
protected static String |
HTTPS_SERVER_PORT_PARAMETER |
protected static String |
INTERNAL_PROXIES_PARAMETER |
protected static String |
PORT_HEADER_PARAMETER |
protected static String |
PROTOCOL_HEADER_HTTPS_VALUE_PARAMETER |
protected static String |
PROTOCOL_HEADER_PARAMETER |
protected static String |
PROXIES_HEADER_PARAMETER |
protected static String |
REMOTE_IP_HEADER_PARAMETER |
protected static StringManager |
sm |
protected static String |
TRUSTED_PROXIES_PARAMETER |
| Constructor and Description |
|---|
RemoteIpFilter() |
| Modifier and Type | Method and Description |
|---|---|
protected static String[] |
commaDelimitedListToStringArray(String commaDelimitedStrings)
Convert a given comma delimited list of regular expressions into an array of String
|
void |
destroy()
Called by the web container to indicate to a filter that it is being
taken out of service.
|
void |
doFilter(HttpServletRequest request,
HttpServletResponse response,
FilterChain chain) |
void |
doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
Wrap the incoming
request in a RemoteIpFilter.XForwardedRequest if the http header x-forwarded-for is not empty. |
boolean |
getEnableLookups() |
int |
getHttpsServerPort() |
Pattern |
getInternalProxies() |
String |
getPortHeader() |
String |
getProtocolHeader() |
String |
getProtocolHeaderHttpsValue() |
String |
getProxiesHeader() |
String |
getRemoteIpHeader() |
boolean |
getRequestAttributesEnabled() |
Pattern |
getTrustedProxies() |
void |
init(FilterConfig filterConfig)
Called by the web container to indicate to a filter that it is being
placed into service.
|
boolean |
isChangeLocalName() |
boolean |
isChangeLocalPort() |
protected static String |
listToCommaDelimitedString(List<String> stringList)
Convert a list of strings in a comma delimited string.
|
void |
setChangeLocalName(boolean changeLocalName)
If
true, the return values for both ServletRequest.getLocalName() and ServletRequest.getServerName()
will be modified by this Filter rather than just
ServletRequest.getServerName(). |
void |
setChangeLocalPort(boolean changeLocalPort)
If
true, the return values for both ServletRequest.getLocalPort() and ServletRequest.getServerPort()
will be modified by this Filter rather than just
ServletRequest.getServerPort(). |
void |
setEnableLookups(boolean enableLookups) |
void |
setHostHeader(String hostHeader)
Header that holds the incoming host, usually named
X-Forwarded-HOst. |
void |
setHttpServerPort(int httpServerPort)
Server Port value if the
protocolHeader indicates HTTP (i.e. |
void |
setHttpsServerPort(int httpsServerPort)
Server Port value if the
protocolHeader indicates HTTPS
Default value : 443
|
void |
setInternalProxies(String internalProxies)
Regular expression that defines the internal proxies.
|
void |
setPortHeader(String portHeader)
Header that holds the incoming port, usually named
X-Forwarded-Port. |
void |
setProtocolHeader(String protocolHeader)
Header that holds the incoming protocol, usually named
X-Forwarded-Proto. |
void |
setProtocolHeaderHttpsValue(String protocolHeaderHttpsValue)
Case insensitive value of the protocol header to indicate that the incoming http request uses HTTPS.
|
void |
setProxiesHeader(String proxiesHeader)
The proxiesHeader directive specifies a header into which mod_remoteip will collect a list of all of the intermediate client IP
addresses trusted to resolve the actual remote IP.
|
void |
setRemoteIpHeader(String remoteIpHeader)
Name of the http header from which the remote ip is extracted.
|
void |
setRequestAttributesEnabled(boolean requestAttributesEnabled)
Should this filter set request attributes for IP address, Hostname,
protocol and port used for the request?
|
void |
setTrustedProxies(String trustedProxies)
Regular expression defining proxies that are trusted when they appear in
the
remoteIpHeader header. |
protected static final String HTTP_SERVER_PORT_PARAMETER
protected static final String HTTPS_SERVER_PORT_PARAMETER
protected static final String INTERNAL_PROXIES_PARAMETER
protected static final StringManager sm
protected static final String PROTOCOL_HEADER_PARAMETER
protected static final String PROTOCOL_HEADER_HTTPS_VALUE_PARAMETER
protected static final String HOST_HEADER_PARAMETER
protected static final String PORT_HEADER_PARAMETER
protected static final String CHANGE_LOCAL_NAME_PARAMETER
protected static final String CHANGE_LOCAL_PORT_PARAMETER
protected static final String PROXIES_HEADER_PARAMETER
protected static final String REMOTE_IP_HEADER_PARAMETER
protected static final String TRUSTED_PROXIES_PARAMETER
protected static final String ENABLE_LOOKUPS_PARAMETER
protected static String[] commaDelimitedListToStringArray(String commaDelimitedStrings)
commaDelimitedStrings - The string to splitnull)protected static String listToCommaDelimitedString(List<String> stringList)
stringList - List of stringspublic void destroy()
Filterpublic void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException
IOExceptionServletExceptionpublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
request in a RemoteIpFilter.XForwardedRequest if the http header x-forwarded-for is not empty.
The doFilter method of the Filter is called by the container
each time a request/response pair is passed through the chain due to a
client request for a resource at the end of the chain. The FilterChain
passed in to this method allows the Filter to pass on the request and
response to the next entity in the chain.
A typical implementation of this method would follow the following
pattern:-
1. Examine the request
2. Optionally wrap the request object with a custom implementation to
filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to
filter content or headers for output filtering
4. a) Either invoke the next entity in the chain using
the FilterChain object (chain.doFilter()),
4. b) or not pass on the request/response pair to the
next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next
entity in the filter chain.
doFilter in interface Filterrequest - The request to processresponse - The response associated with the requestchain - Provides access to the next filter in the chain for this
filter to pass the request and response to for further
processingIOException - if an I/O error occurs during this filter's
processing of the requestServletException - if the processing fails for any other reasonpublic boolean isChangeLocalName()
public boolean isChangeLocalPort()
public int getHttpsServerPort()
public Pattern getInternalProxies()
public String getProtocolHeader()
public String getPortHeader()
public String getProtocolHeaderHttpsValue()
public String getProxiesHeader()
public String getRemoteIpHeader()
public boolean getRequestAttributesEnabled()
true if the attributes will be logged, otherwise
falsesetRequestAttributesEnabled(boolean)public Pattern getTrustedProxies()
public boolean getEnableLookups()
public void init(FilterConfig filterConfig) throws ServletException
FilterThe web container cannot place the filter into service if the init method either:
init in interface FilterfilterConfig - The configuration information associated with the
filter instance being initialisedServletException - if the initialisation failspublic void setChangeLocalName(boolean changeLocalName)
If true, the return values for both ServletRequest.getLocalName() and ServletRequest.getServerName()
will be modified by this Filter rather than just
ServletRequest.getServerName().
Default value : false
changeLocalName - The new flag valuepublic void setChangeLocalPort(boolean changeLocalPort)
If true, the return values for both ServletRequest.getLocalPort() and ServletRequest.getServerPort()
will be modified by this Filter rather than just
ServletRequest.getServerPort().
Default value : false
changeLocalPort - The new flag valuepublic void setHttpServerPort(int httpServerPort)
Server Port value if the protocolHeader indicates HTTP (i.e. protocolHeader is not null and
has a value different of protocolHeaderHttpsValue).
Default value : 80
httpServerPort - The server port to usepublic void setHttpsServerPort(int httpsServerPort)
Server Port value if the protocolHeader indicates HTTPS
Default value : 443
httpsServerPort - The server port to usepublic void setInternalProxies(String internalProxies)
Regular expression that defines the internal proxies.
Default value : 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254.\d{1,3}.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|0:0:0:0:0:0:0:1
internalProxies - The regexppublic void setHostHeader(String hostHeader)
Header that holds the incoming host, usually named
X-Forwarded-HOst.
Default value : null
hostHeader - The header namepublic void setPortHeader(String portHeader)
Header that holds the incoming port, usually named
X-Forwarded-Port. If null,
httpServerPort or httpsServerPort will be used.
Default value : null
portHeader - The header namepublic void setProtocolHeader(String protocolHeader)
Header that holds the incoming protocol, usually named X-Forwarded-Proto. If null, request.scheme and
request.secure will not be modified.
Default value : null
protocolHeader - The header namepublic void setProtocolHeaderHttpsValue(String protocolHeaderHttpsValue)
Case insensitive value of the protocol header to indicate that the incoming http request uses HTTPS.
Default value : https
protocolHeaderHttpsValue - The header valuepublic void setProxiesHeader(String proxiesHeader)
The proxiesHeader directive specifies a header into which mod_remoteip will collect a list of all of the intermediate client IP addresses trusted to resolve the actual remote IP. Note that intermediate RemoteIPTrustedProxy addresses are recorded in this header, while any intermediate RemoteIPInternalProxy addresses are discarded.
Name of the http header that holds the list of trusted proxies that has been traversed by the http request.
The value of this header can be comma delimited.
Default value : X-Forwarded-By
proxiesHeader - The header namepublic void setRemoteIpHeader(String remoteIpHeader)
Name of the http header from which the remote ip is extracted.
The value of this header can be comma delimited.
Default value : X-Forwarded-For
remoteIpHeader - The header namepublic void setRequestAttributesEnabled(boolean requestAttributesEnabled)
AccessLog which will otherwise log the
original values. Default is true.
The attributes set are:
requestAttributesEnabled - true causes the attributes
to be set, false disables
the setting of the attributes.public void setTrustedProxies(String trustedProxies)
Regular expression defining proxies that are trusted when they appear in
the remoteIpHeader header.
Default value : empty list, no external proxy is trusted.
trustedProxies - The trusted proxies regexppublic void setEnableLookups(boolean enableLookups)
Copyright © 2000-2021 Apache Software Foundation. All Rights Reserved.