-
Bug
-
Resolution: Done
-
Major
-
2.0.39.Final, 2.2.10.Final
-
None
IPAddressAccessControlHandler stops working when ProxyPeerAddressHandler is enabled and the X-Forwarded-For request header contains multiple IP addresses.
This issue happens because ProxyPeerAddressHandler creates an unresolved InetSocketAddress and sets it to HttpServerExchange#setSourceAddress() when the X-Forwarded-For request header contains multiple IP addresses. As InetSocketAddress#getAddress() returns null if it is unresolved, exchange.getSourceAddress().getAddress() returns null, so it causes IPAddressAccessControlHandler stop working.
—
This issue is similar to UNDERTOW-1296, but this happens only when the X-Forwarded-For request header contains multiple IP addresses. It looks like a bug in the fixed code for UNDERTOW-1296.
As the syntax of X-Forwarded-For is
X-Forwarded-For: <client>, <proxy1>, <proxy2>
ProxyPeerAddressHandler basically should check the first entry of the X-Forwarded-For request header.
- is duplicated by
-
-
- Resolved
-
- is incorporated by
-
-
- Closed
-
-
-
- Closed
-
- relates to
-
UNDERTOW-1965 Initialize ProxyHandler with enabling "setReuseXForwarded(true)" inside DefaultServer for X-Forwarded-* header related unit tests
-
- Resolved
-