Add configuration property for RemoteIpValve's trusted proxies

See gh-31576
lihan 2022-07-05 21:23:10 +08:00 committed by Stephane Nicoll
parent 69050a96d2
commit 7d6129547f
4 changed files with 17 additions and 0 deletions


@ -966,6 +966,11 @@ public class ServerProperties {
+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" // + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" //
+ "0:0:0:0:0:0:0:1|::1"; + "0:0:0:0:0:0:0:1|::1";
/**
* Regular expression defining proxies that are trusted when they appear in the remoteIpHeader header.
*/
private String trustedProxies;
/** /**
* Header that holds the incoming protocol, usually named "X-Forwarded-Proto". * Header that holds the incoming protocol, usually named "X-Forwarded-Proto".
*/ */
@ -1041,6 +1046,13 @@ public class ServerProperties {
this.remoteIpHeader = remoteIpHeader; this.remoteIpHeader = remoteIpHeader;
} }
public String getTrustedProxies() {
return trustedProxies;
}
public void setTrustedProxies(String trustedProxies) {
this.trustedProxies = trustedProxies;
}
} }
} }
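Review bot: The Javadoc added for `trustedProxies` does not say how this pattern differs from `internalProxies` above it or what a too-permissive value costs, and since the valve uses these patterns to decide which X-Forwarded-For entry becomes the client address, that omission is security-relevant. As I read Tomcat's RemoteIpValve (not visible here, so confirm), the pattern is matched against whole addresses and an entry matching neither pattern ends the trust walk, so an over-broad expression (an unescaped `.`, or `.*`) lets any client forge its remote address through the header, while an unset property means no proxy is trusted beyond the internal ones. I would extend the Javadoc to: `Regular expression defining proxies that are trusted when they appear in the remoteIpHeader header. Unlike internal proxies, trusted proxies are recorded in the proxies header rather than discarded. The pattern is matched against the whole address; keep it as narrow as possible, since any address it matches can supply the client IP. No proxies are trusted by default.` The enclosing `Remoteip` class and the `internalProxies` initialiser begin outside this hunk.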


@ -229,6 +229,7 @@ public class TomcatWebServerFactoryCustomizer
} }
// The internal proxies default to a list of "safe" internal IP addresses // The internal proxies default to a list of "safe" internal IP addresses
valve.setInternalProxies(remoteIpProperties.getInternalProxies()); valve.setInternalProxies(remoteIpProperties.getInternalProxies());
valve.setTrustedProxies(remoteIpProperties.getTrustedProxies());
try { try {
valve.setHostHeader(remoteIpProperties.getHostHeader()); valve.setHostHeader(remoteIpProperties.getHostHeader());
} }
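Review bot: The added `valve.setTrustedProxies(remoteIpProperties.getTrustedProxies())` forwards the property unconditionally, and unlike `internalProxies` on the line above it has no default, so the valve receives `null` whenever nothing is configured. Trusting nothing beyond the internal proxies is the right secure default, but only if the valve treats `null`/empty as "no trusted proxies" rather than compiling it into a pattern; I believe Tomcat's setter does, but that should be confirmed rather than assumed, and otherwise guarded with `if (remoteIpProperties.getTrustedProxies() != null)`. A comment mirroring the one above would also help the next reader: `// Trusted proxies have no default: only the internal proxies are trusted unless this is configured`. Presumably an invalid expression surfaces as a startup failure from the valve rather than a binding error, which is acceptable but worth knowing; the enclosing method starts and ends outside this hunk.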


@ -129,6 +129,7 @@ class ServerPropertiesTests {
map.put("server.tomcat.remoteip.protocol-header", "X-Forwarded-Protocol"); map.put("server.tomcat.remoteip.protocol-header", "X-Forwarded-Protocol");
map.put("server.tomcat.remoteip.remote-ip-header", "Remote-Ip"); map.put("server.tomcat.remoteip.remote-ip-header", "Remote-Ip");
map.put("server.tomcat.remoteip.internal-proxies", "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"); map.put("server.tomcat.remoteip.internal-proxies", "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
map.put("server.tomcat.remoteip.trusted-proxies", "proxy1|proxy2|proxy3");
map.put("server.tomcat.reject-illegal-header", "false"); map.put("server.tomcat.reject-illegal-header", "false");
map.put("server.tomcat.background-processor-delay", "10"); map.put("server.tomcat.background-processor-delay", "10");
map.put("server.tomcat.relaxed-path-chars", "|,<"); map.put("server.tomcat.relaxed-path-chars", "|,<");
@ -152,6 +153,7 @@ class ServerPropertiesTests {
assertThat(tomcat.getRemoteip().getRemoteIpHeader()).isEqualTo("Remote-Ip"); assertThat(tomcat.getRemoteip().getRemoteIpHeader()).isEqualTo("Remote-Ip");
assertThat(tomcat.getRemoteip().getProtocolHeader()).isEqualTo("X-Forwarded-Protocol"); assertThat(tomcat.getRemoteip().getProtocolHeader()).isEqualTo("X-Forwarded-Protocol");
assertThat(tomcat.getRemoteip().getInternalProxies()).isEqualTo("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"); assertThat(tomcat.getRemoteip().getInternalProxies()).isEqualTo("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
assertThat(tomcat.getRemoteip().getTrustedProxies()).isEqualTo("proxy1|proxy2|proxy3");
assertThat(tomcat.isRejectIllegalHeader()).isFalse(); assertThat(tomcat.isRejectIllegalHeader()).isFalse();
assertThat(tomcat.getBackgroundProcessorDelay()).hasSeconds(10); assertThat(tomcat.getBackgroundProcessorDelay()).hasSeconds(10);
assertThat(tomcat.getRelaxedPathChars()).containsExactly('|', '<'); assertThat(tomcat.getRelaxedPathChars()).containsExactly('|', '<');


@ -224,6 +224,7 @@ class TomcatWebServerFactoryCustomizerTests {
bind("server.tomcat.remoteip.remote-ip-header=x-my-remote-ip-header", bind("server.tomcat.remoteip.remote-ip-header=x-my-remote-ip-header",
"server.tomcat.remoteip.protocol-header=x-my-protocol-header", "server.tomcat.remoteip.protocol-header=x-my-protocol-header",
"server.tomcat.remoteip.internal-proxies=192.168.0.1", "server.tomcat.remoteip.internal-proxies=192.168.0.1",
"server.tomcat.remoteip.trusted-proxies=proxy1|proxy2",
"server.tomcat.remoteip.host-header=x-my-forward-host", "server.tomcat.remoteip.host-header=x-my-forward-host",
"server.tomcat.remoteip.port-header=x-my-forward-port", "server.tomcat.remoteip.port-header=x-my-forward-port",
"server.tomcat.remoteip.protocol-header-https-value=On"); "server.tomcat.remoteip.protocol-header-https-value=On");
@ -238,6 +239,7 @@ class TomcatWebServerFactoryCustomizerTests {
assertThat(remoteIpValve.getHostHeader()).isEqualTo("x-my-forward-host"); assertThat(remoteIpValve.getHostHeader()).isEqualTo("x-my-forward-host");
assertThat(remoteIpValve.getPortHeader()).isEqualTo("x-my-forward-port"); assertThat(remoteIpValve.getPortHeader()).isEqualTo("x-my-forward-port");
assertThat(remoteIpValve.getInternalProxies()).isEqualTo("192.168.0.1"); assertThat(remoteIpValve.getInternalProxies()).isEqualTo("192.168.0.1");
assertThat(remoteIpValve.getTrustedProxies()).isEqualTo("proxy1|proxy2");
} }
@Test @Test