diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
index 5229333ab74..6d7e7ac0be4 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
@@ -372,7 +372,7 @@ public class ServerProperties {
 private final Accesslog accesslog = new Accesslog();
 
 /**
- * Regular expression matching trusted IP addresses.
+ * Regular expression that matches proxies that are to be trusted.
 */
 private String internalProxies = "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 10/8
 + "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" // 192.168/16
@@ -380,7 +380,8 @@ public class ServerProperties {
 + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
 + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
 + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|"
- + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}";
+ + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" //
+ + "0:0:0:0:0:0:0:1|::1";
 
 /**
 * Header that holds the incoming protocol, usually named "X-Forwarded-Proto".
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
index 22900fbb8e7..f211f66a46e 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
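Review bot: In the `@@ -380,7 +380,8 @@` hunk of ServerProperties.java the new alternative `0:0:0:0:0:0:0:1|::1` carries no label, and the bare `//` on the line before it (presumably a formatter guard) does not explain it. The other ranges are labelled (`// 127/8`, `// 172.16/12`), so I would label this one as well, for example `+ "0:0:0:0:0:0:0:1|::1"; // IPv6 loopback, full and compressed form`. The field's Javadoc could also state what "trusted" means: judging by the RemoteIpValve tests in this commit, forwarded headers from a matching peer are presumably accepted as sent, so the default now covers any client connecting over IPv6 loopback as well as 127/8. The concatenated string starts above the hunk.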
@@ -37,6 +37,7 @@ import org.apache.catalina.connector.Connector;
 import org.apache.catalina.core.StandardContext;
 import org.apache.catalina.core.StandardEngine;
 import org.apache.catalina.valves.AccessLogValve;
+import org.apache.catalina.valves.RemoteIpValve;
 import org.apache.coyote.AbstractProtocol;
 import org.eclipse.jetty.server.HttpChannel;
 import org.eclipse.jetty.server.Request;
@@ -267,6 +268,12 @@ public class ServerPropertiesTests {
 .isEqualTo(new AccessLogValve().getRequestAttributesEnabled());
 }
 
+ @Test
+ public void tomcatInternalProxiesMatchesDefault() {
+ assertThat(this.properties.getTomcat().getInternalProxies())
+ .isEqualTo(new RemoteIpValve().getInternalProxies());
+ }
+
 @Test
 public void jettyMaxHttpPostSizeMatchesDefault() throws Exception {
 JettyServletWebServerFactory jettyFactory = new JettyServletWebServerFactory(0);
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java
index ce3e53748bf..cf27b8f8590 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java
@@ -167,7 +167,8 @@ public class TomcatWebServerFactoryCustomizerTests {
 + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
 + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
 + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|"
- + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}";
+ + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" //
+ + "0:0:0:0:0:0:0:1|::1";
 assertThat(remoteIpValve.getInternalProxies()).isEqualTo(expectedInternalProxies);
 }
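Review bot: The new `tomcatInternalProxiesMatchesDefault` test in ServerPropertiesTests.java has no comment explaining why it compares against `new RemoteIpValve().getInternalProxies()`. Without one, a failure after a Tomcat upgrade will read as a broken test rather than as a prompt to review a changed trust list. A one-line comment above the assertion would cover it, for example `// Fails when Tomcat changes its default; review the new pattern before copying it, it decides which peers' forwarded headers are trusted.`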
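Review bot: The updated expectation in TomcatWebServerFactoryCustomizerTests.java (`@@ -167,7 +167,8 @@`) is still only a string comparison, so neither this test nor the one added in ServerPropertiesTests.java checks which addresses the pattern actually accepts. Because this default is a trust list, I would add a few match assertions next to the `isEqualTo`, for example `assertThat("::1").matches(expectedInternalProxies);` and `assertThat("172.32.0.1").doesNotMatch(expectedInternalProxies);`. The second example assumes the alternatives above the hunk mirror the ServerProperties default. The test method starts outside the hunk, so its setup is not visible here.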