Hello everyone,
I have a question about the remoteipvalve in tomcat 8.5: https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/Remo teIpValve.html internalProxies Regular expression that matches the IP addresses of internal proxies. If they appear in the remoteIpHeader value, they will be trusted and will not appear in the proxiesHeader value RemoteIPInternalProxy Regular expression (in the syntax supported by java.util.regex) 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}| 169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}| 172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}| 172\.3[0-1]{1}\.\d{1,3}\.\d{1,3} By default, 10/8, 192.168/16, 169.254/16, 127/8 and 172.16/12 are allowed. I need to convert some CIDR ranges to regex: my concern is that /d{1,3} wil match too many (non exist) addresses 103\.21\.24\d[4-7]\.\d[0-9]\d{1,3}|103\.22\.20\d[0-3]\.\d[0-9]\d{1,3}|103\.3 1\.\d[4-7]\.\d[0-9]\d{1,3} So I re-wrote using capture groups, below does not function however, and I assume it is due to OR (|) which tomcat will affectively see as a new entry? So I tried escaping, but I cannot get it to work: 103\.21\.(2(4[4-7]))\.([0-9]\|[1-9][0-9]\|1([0-9][0-9])\|2([0-4][0-9]\|5[0-5 ]))|103\.22\.(2(0[0-3]))\.([0-9]\|[1-9][0-9]\|1([0-9][0-9])\|2([0-4][0-9]\|5 [0-5])) Any thoughts? Thanks, Harrie
