get forward header and apply it fro proxies

Daan Hoogland · Daan Hoogland · commit 3362d5a77bf7 · 2025-08-04T09:01:09.000+02:00
diff --git a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
@@ -24,12 +24,15 @@
 import java.io.InputStream;
 import java.lang.management.ManagementFactory;
 import java.net.URL;
+import java.util.Arrays;
 import java.util.Properties;
 
+import com.cloud.api.ApiServer;
 import org.apache.commons.daemon.Daemon;
 import org.apache.commons.daemon.DaemonContext;
 import org.apache.commons.lang3.StringUtils;
 import org.eclipse.jetty.jmx.MBeanContainer;
+import org.eclipse.jetty.server.ForwardedRequestCustomizer;
 import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.HttpConnectionFactory;
 import org.eclipse.jetty.server.NCSARequestLog;
@@ -185,6 +188,7 @@ public void start() throws Exception {
         httpConfig.setResponseHeaderSize(8192);
         httpConfig.setSendServerVersion(false);
         httpConfig.setSendDateHeader(false);
+        addForwordingCustomiser(httpConfig);
 
         // HTTP Connector
         createHttpConnector(httpConfig);
@@ -207,6 +211,21 @@ public void start() throws Exception {
         server.join();
     }
 
+    /**
+     * Adds a ForwardedRequestCustomizer to the HTTP configuration to handle forwarded headers.
+     * The header used for forwarding is determined by the ApiServer.listOfForwardHeaders property.
+     * Only non empty headers are considdered and only the first of the comma-separated list is used.
+     * @param httpConfig the HTTP configuration to which the customizer will be added
+     */
+    private static void addForwordingCustomiser(HttpConfiguration httpConfig) {
+        ForwardedRequestCustomizer customiser = new ForwardedRequestCustomizer();
+        String header = Arrays.stream(ApiServer.listOfForwardHeaders.value().split(",")).findFirst().orElse(null);
+        if (com.cloud.utils.StringUtils.isNotEmpty(header)) {
+            customiser.setForwardedForHeader(header);
+        }
+        httpConfig.addCustomizer(customiser);
+    }
+
     @Override
     public void stop() throws Exception {
         server.stop();
diff --git a/server/src/main/java/com/cloud/api/ApiServer.java b/server/src/main/java/com/cloud/api/ApiServer.java
@@ -315,14 +315,14 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
             , "enables/disables checking of ipaddresses from a proxy set header. See \"proxy.header.names\" for the headers to allow."
             , true
             , ConfigKey.Scope.Global);
-    static final ConfigKey<String> listOfForwardHeaders = new ConfigKey<>(ConfigKey.CATEGORY_NETWORK
+    public static final ConfigKey<String> listOfForwardHeaders = new ConfigKey<>(ConfigKey.CATEGORY_NETWORK
             , String.class
             , "proxy.header.names"
             , "X-Forwarded-For,HTTP_CLIENT_IP,HTTP_X_FORWARDED_FOR"
             , "a list of names to check for allowed ipaddresses from a proxy set header. See \"proxy.cidr\" for the proxies allowed to set these headers."
             , true
             , ConfigKey.Scope.Global);
-    static final ConfigKey<String> proxyForwardList = new ConfigKey<>(ConfigKey.CATEGORY_NETWORK
+    public static final ConfigKey<String> proxyForwardList = new ConfigKey<>(ConfigKey.CATEGORY_NETWORK
             , String.class
             , "proxy.cidr"
             , ""
