  1. Undertow
  2. UNDERTOW-1801

ProxyPeerAddressHandler incorrectly parses X_FORWARDED_FOR headers

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • 2.2.13.Final
    • 2.1.3.Final
    • Core
    • None

    Description

      The X_FORWARDED_FOR header is incorrectly parsed when there are multiple chained addresses like this:

      X_FORWARDED_FOR : 85.10.10.17, 10.162.219.114

      See the documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For

      Instead of matching the whole header as IPv4/IPv6, the first ('mostRecent') address should be matched.

      The current code is this:

      String remoteClient = mostRecent(forwardedFor);
      //we have no way of knowing the port
      if(IP4_EXACT.matcher(forwardedFor).matches()) {
          exchange.setSourceAddress(new InetSocketAddress(NetworkUtils.parseIpv4Address(remoteClient), 0));
      } else if(IP6_EXACT.matcher(forwardedFor).matches()) {
          exchange.setSourceAddress(new InetSocketAddress(NetworkUtils.parseIpv6Address(remoteClient), 0));
      }

      I would expect this:

      String remoteClient = mostRecent(forwardedFor);
      //we have no way of knowing the port
      if(IP4_EXACT.matcher(remoteClient).matches()) {
          exchange.setSourceAddress(new InetSocketAddress(NetworkUtils.parseIpv4Address(remoteClient), 0));
      } else if(IP6_EXACT.matcher(remoteClient).matches()) {
          exchange.setSourceAddress(new InetSocketAddress(NetworkUtils.parseIpv6Address(remoteClient), 0));
      }
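
An added example, not part of the original report or of Undertow's code: the sketch below contrasts the two checks on the chained header value from the description, showing which branch each one selects. The patterns and the mostRecent() helper are simplified stand-ins assumed for illustration, as are the class, enum and method names.

```java
import java.util.regex.Pattern;

public class ForwardedForMatchDemo {
    // Assumed, simplified stand-ins for the handler's IP4_EXACT / IP6_EXACT patterns.
    static final Pattern IP4_EXACT = Pattern.compile("(?:\\d{1,3}\\.){3}\\d{1,3}");
    static final Pattern IP6_EXACT = Pattern.compile("(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}");

    // Assumed stand-in for mostRecent(): the first element of the comma-separated list.
    static String mostRecent(String header) {
        int comma = header.indexOf(',');
        return (comma == -1 ? header : header.substring(0, comma)).trim();
    }

    enum Branch { IPV4_LITERAL, IPV6_LITERAL, NO_MATCH }

    // Reported behaviour: the patterns are applied to the whole header value.
    static Branch classifyWholeHeader(String forwardedFor) {
        return classify(forwardedFor);
    }

    // Expected behaviour: the patterns are applied to the extracted address.
    static Branch classifyMostRecent(String forwardedFor) {
        return classify(mostRecent(forwardedFor));
    }

    // matches() requires the entire candidate string to fit the pattern.
    private static Branch classify(String candidate) {
        if (IP4_EXACT.matcher(candidate).matches()) return Branch.IPV4_LITERAL;
        if (IP6_EXACT.matcher(candidate).matches()) return Branch.IPV6_LITERAL;
        return Branch.NO_MATCH;
    }

    public static void main(String[] args) {
        String[] samples = {   // constructed sample header values
            "85.10.10.17",
            "85.10.10.17, 10.162.219.114",   // chained value from the report
            "2001:db8:0:0:0:0:0:1, 10.162.219.114",
        };
        for (String header : samples) {
            System.out.printf("%-40s whole=%-12s mostRecent=%s%n",
                header, classifyWholeHeader(header), classifyMostRecent(header));
        }
    }
}
```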

            People

              rhn-cservice-bbaranow Bartosz Baranowski
              serialf Florent Masson (Inactive)
              Votes: 1
              Watchers: 3