Align server.tomcat.internal-proxies default with RemoteIPValve's default

wilkinsona · wilkinsona · commit 0bd7c8afba64 · 2018-09-11T12:08:03.000+01:00
Closes gh-13798
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
@@ -610,7 +610,8 @@ public static class Tomcat {
 				+ "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
 				+ "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
 				+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|"
-				+ "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}";
+				+ "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" //
+				+ "0:0:0:0:0:0:0:1|::1";
 
 		/**
 		 * Header that holds the incoming protocol, usually named "X-Forwarded-Proto".
diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
@@ -579,7 +579,8 @@ private void testRemoteIpValveConfigured() {
 				+ "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
 				+ "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
 				+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|"
-				+ "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}";
+				+ "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" //
+				+ "0:0:0:0:0:0:0:1|::1";
 		assertThat(remoteIpValve.getInternalProxies()).isEqualTo(expectedInternalProxies);
 	}
 
@@ -896,6 +897,12 @@ public void tomcatAccessLogRequestAttributesEnabledMatchesDefault() {
 						.isEqualTo(new AccessLogValve().getRequestAttributesEnabled());
 	}
 
+	@Test
+	public void tomcatInternalProxiesMatchesDefault() {
+		assertThat(this.properties.getTomcat().getInternalProxies())
+				.isEqualTo(new RemoteIpValve().getInternalProxies());
+	}
+
 	@Test
 	public void jettyMaxHttpPostSizeMatchesDefault() throws Exception {
 		JettyEmbeddedServletContainerFactory jettyFactory = new JettyEmbeddedServletContainerFactory(
diff --git a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
@@ -212,7 +212,8 @@ content into your application; rather pick only the properties that you need.
 			127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|\\
 			172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|\\
 			172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|\\
-			172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3} # regular expression matching trusted IP addresses.
+			172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|\\
+			0:0:0:0:0:0:0:1|::1 # Regular expression that matches proxies that are to be trusted.
 	server.tomcat.max-connections=10000 # Maximum number of connections that the server will accept and process at any given time.
 	server.tomcat.max-http-header-size=0 # Maximum size in bytes of the HTTP message header.
 	server.tomcat.max-http-post-size=2097152 # Maximum size in bytes of the HTTP post content.
