Thanks Chuck, that actually worked! Chuck Caldarale <n82...@gmail.com> ezt írta (időpont: 2024. nov. 28., Cs, 2:15): > > > > On Nov 27, 2024, at 17:08, Balazs Jantek <jant...@gmail.com> wrote: > > > > I am debugging a scenario where Tomcat 10.1.26 is working behind an > > Application Gateway on Microsoft Azure. > > > > The webpage makes a request to /favicon.ico which goes through the > > RemoteIpValve, which correctly identifies that the request is an > > internal one, based on the beginning of the IPv4 address, but then > > populates the http requests's remote address value with the header > > "x-forwarded-for" received from Azure, which contains the port number > > appended to the IP with a colon. > > > Leave it to Microsoft to violate standards (or at least standard practice) by > adding a port number where it isn’t warranted. > > > > This seems to break the internal web application, which assumes that > > ServletRequest.getRemoteAddr() only contains the hostname/IP, but not > > a port number. > > > > As far as I can see the value in x-forwarded-for is less defined, but > > the value present in getRemoteAddr() is strictly something without > > port number. > > > > Is this something that can be worked around with configuration, or > > does it look like a bug worth fixing in the RemoteIpValve? > > > There doesn’t appear to be anything in Tomcat to compensate for Azure’s bad > behavior here, but you might be able to fix it in Application Gateway. I’ve > never configured anything in Azure, but this web page seems to indicate that > you could override the x-forwarded-for header by setting > add_x_forwarded_for_proxy: > > https://learn.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url > > ”The X-Forwarded-For client request header field with the client_ipvariable > (see explanation later in this table) appended to it in the format IP1, IP2, > IP3, and so on. If the X-Forwarded-For field isn't in the client request > header, the add_x_forwarded_for_proxy variable is equal to the $client_ip > variable. This variable is useful when you want to rewrite the > X-Forwarded-For header set by Application Gateway so that the header contains > only the IP address without the port information [emphasis added].” > > Look at the section titled "Remove port information from the X-Forwarded-For > header” in the above web page for an example. > > So maybe… > > > - Chuck >
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
