root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 15 Packages Projects Releases Wiki Activity

Add configuration property for RemoteIpValve's trusted proxies 

See gh-31576
This commit is contained in:
lihan 2022-07-05 21:23:10 +08:00 committed by Stephane Nicoll
parent 69050a96d2
commit 7d6129547f
4 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
View File

@ -966,6 +966,11 @@ public class ServerProperties {
+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" //
+ "0:0:0:0:0:0:0:1|::1";
/**
* Regular expression defining proxies that are trusted when they appear in the remoteIpHeader header.
*/
private String trustedProxies;
/**
* Header that holds the incoming protocol, usually named "X-Forwarded-Proto".
*/
@ -1041,6 +1046,13 @@ public class ServerProperties {
this.remoteIpHeader = remoteIpHeader;
}
public String getTrustedProxies() {
return trustedProxies;
}
public void setTrustedProxies(String trustedProxies) {
this.trustedProxies = trustedProxies;
}
}
}

1
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizer.java
View File

@ -229,6 +229,7 @@ public class TomcatWebServerFactoryCustomizer
}
// The internal proxies default to a list of "safe" internal IP addresses
valve.setInternalProxies(remoteIpProperties.getInternalProxies());
valve.setTrustedProxies(remoteIpProperties.getTrustedProxies());
try {
valve.setHostHeader(remoteIpProperties.getHostHeader());
}

2
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
View File

@ -129,6 +129,7 @@ class ServerPropertiesTests {
map.put("server.tomcat.remoteip.protocol-header", "X-Forwarded-Protocol");
map.put("server.tomcat.remoteip.remote-ip-header", "Remote-Ip");
map.put("server.tomcat.remoteip.internal-proxies", "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
map.put("server.tomcat.remoteip.trusted-proxies", "proxy1|proxy2|proxy3");
map.put("server.tomcat.reject-illegal-header", "false");
map.put("server.tomcat.background-processor-delay", "10");
map.put("server.tomcat.relaxed-path-chars", "|,<");
@ -152,6 +153,7 @@ class ServerPropertiesTests {
assertThat(tomcat.getRemoteip().getRemoteIpHeader()).isEqualTo("Remote-Ip");
assertThat(tomcat.getRemoteip().getProtocolHeader()).isEqualTo("X-Forwarded-Protocol");
assertThat(tomcat.getRemoteip().getInternalProxies()).isEqualTo("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
assertThat(tomcat.getRemoteip().getTrustedProxies()).isEqualTo("proxy1|proxy2|proxy3");
assertThat(tomcat.isRejectIllegalHeader()).isFalse();
assertThat(tomcat.getBackgroundProcessorDelay()).hasSeconds(10);
assertThat(tomcat.getRelaxedPathChars()).containsExactly('|', '<');

2
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java
View File

@ -224,6 +224,7 @@ class TomcatWebServerFactoryCustomizerTests {
bind("server.tomcat.remoteip.remote-ip-header=x-my-remote-ip-header",
"server.tomcat.remoteip.protocol-header=x-my-protocol-header",
"server.tomcat.remoteip.internal-proxies=192.168.0.1",
"server.tomcat.remoteip.trusted-proxies=proxy1|proxy2",
"server.tomcat.remoteip.host-header=x-my-forward-host",
"server.tomcat.remoteip.port-header=x-my-forward-port",
"server.tomcat.remoteip.protocol-header-https-value=On");
@ -238,6 +239,7 @@ class TomcatWebServerFactoryCustomizerTests {
assertThat(remoteIpValve.getHostHeader()).isEqualTo("x-my-forward-host");
assertThat(remoteIpValve.getPortHeader()).isEqualTo("x-my-forward-port");
assertThat(remoteIpValve.getInternalProxies()).isEqualTo("192.168.0.1");
assertThat(remoteIpValve.getTrustedProxies()).isEqualTo("proxy1|proxy2");
}
@Test