
Commit 993e1bf

committed
Merge pull request #31576 from aooohan
* pr/31576: Polish "Add configuration property for RemoteIpValve's trusted proxies" Add configuration property for RemoteIpValve's trusted proxies Closes gh-31576
2 parents 69050a9 + f5f3d7c commit 993e1bf

4 files changed

+20
-1
lines changed

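--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
@@ -993,6 +993,12 @@ public static class Remoteip {
 */
 private String remoteIpHeader;
 
+/**
+* Regular expression defining proxies that are trusted when they appear in
+* the "remote-ip-header" header.
+*/
+private String trustedProxies;
+
 public String getInternalProxies() {
 return this.internalProxies;
 }
@@ -1041,6 +1047,14 @@ public void setRemoteIpHeader(String remoteIpHeader) {
 this.remoteIpHeader = remoteIpHeader;
 }
 
+public String getTrustedProxies() {
+return this.trustedProxies;
+}
+
+public void setTrustedProxies(String trustedProxies) {
+this.trustedProxies = trustedProxies;
+}
+
 }
 
 }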
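Review bot: The Javadoc on the new `trustedProxies` field in the first hunk does not say how the expression is applied or that the property is unset by default, which matters for a setting that decides whose forwarding headers are believed. As far as I know Tomcat's RemoteIpValve matches the pattern against each whole address, so an expression broader than the real proxy set would let a header supplied by an untrusted peer determine the request's remote address. Consider wording such as `Regular expression, matched against the full address, defining proxies that are trusted when they appear in the "remote-ip-header" header. Unset by default.` The accessors in the second hunk need nothing further.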

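--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizer.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizer.java
@@ -227,6 +227,7 @@ private void customizeRemoteIpValve(ConfigurableTomcatWebServerFactory factory)
 if (StringUtils.hasLength(remoteIpHeader)) {
 valve.setRemoteIpHeader(remoteIpHeader);
 }
+valve.setTrustedProxies(remoteIpProperties.getTrustedProxies());
 // The internal proxies default to a list of "safe" internal IP addresses
 valve.setInternalProxies(remoteIpProperties.getInternalProxies());
 try {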
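Review bot: The added `valve.setTrustedProxies(...)` call is unconditional and has no comment, while the `setInternalProxies` line directly below explains its default. With the property unset the getter returns null, and I believe the valve treats null as "no trusted proxies", but that trust boundary is worth stating at the call: `// No default: only internal proxies are trusted unless trusted-proxies is set`. The call also sits before the `try {` that opens at the end of the hunk, so a malformed expression would presumably propagate as a PatternSyntaxException rather than being handled there. customizeRemoteIpValve starts and ends outside the hunk.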

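--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
@@ -129,6 +129,7 @@ void testTomcatBinding() {
 map.put("server.tomcat.remoteip.protocol-header", "X-Forwarded-Protocol");
 map.put("server.tomcat.remoteip.remote-ip-header", "Remote-Ip");
 map.put("server.tomcat.remoteip.internal-proxies", "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
+map.put("server.tomcat.remoteip.trusted-proxies", "proxy1|proxy2|proxy3");
 map.put("server.tomcat.reject-illegal-header", "false");
 map.put("server.tomcat.background-processor-delay", "10");
 map.put("server.tomcat.relaxed-path-chars", "|,<");
@@ -152,6 +153,7 @@ void testTomcatBinding() {
 assertThat(tomcat.getRemoteip().getRemoteIpHeader()).isEqualTo("Remote-Ip");
 assertThat(tomcat.getRemoteip().getProtocolHeader()).isEqualTo("X-Forwarded-Protocol");
 assertThat(tomcat.getRemoteip().getInternalProxies()).isEqualTo("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
+assertThat(tomcat.getRemoteip().getTrustedProxies()).isEqualTo("proxy1|proxy2|proxy3");
 assertThat(tomcat.isRejectIllegalHeader()).isFalse();
 assertThat(tomcat.getBackgroundProcessorDelay()).hasSeconds(10);
 assertThat(tomcat.getRelaxedPathChars()).containsExactly('|', '<');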

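--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java
@@ -226,7 +226,8 @@ void customRemoteIpValve() {
 "server.tomcat.remoteip.internal-proxies=192.168.0.1",
 "server.tomcat.remoteip.host-header=x-my-forward-host",
 "server.tomcat.remoteip.port-header=x-my-forward-port",
-"server.tomcat.remoteip.protocol-header-https-value=On");
+"server.tomcat.remoteip.protocol-header-https-value=On",
+"server.tomcat.remoteip.trusted-proxies=proxy1|proxy2");
 TomcatServletWebServerFactory factory = customizeAndGetFactory();
 assertThat(factory.getEngineValves()).hasSize(1);
 Valve valve = factory.getEngineValves().iterator().next();
@@ -238,6 +239,7 @@ void customRemoteIpValve() {
 assertThat(remoteIpValve.getHostHeader()).isEqualTo("x-my-forward-host");
 assertThat(remoteIpValve.getPortHeader()).isEqualTo("x-my-forward-port");
 assertThat(remoteIpValve.getInternalProxies()).isEqualTo("192.168.0.1");
+assertThat(remoteIpValve.getTrustedProxies()).isEqualTo("proxy1|proxy2");
 }
 
 @Test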
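Review bot: `customRemoteIpValve` now pins the configured value, but nothing in these hunks pins the unset case, which is the security-relevant default for a trust list. If the default-valve test outside this view does not already cover it, add `assertThat(remoteIpValve.getTrustedProxies()).isNull();` there, assuming the valve's getter returns null when nothing is configured, so that a later change cannot widen the set of trusted proxies unnoticed. The test method begins before the first hunk.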
