-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
None
-
None
-
None
-
-
-
Undefined
ServletRequest#getLocalPort(), getLocalAddr(), and getLocalName() does not return the correct information of the interface on which the request was received when proxy-address-forwarding="true" is enabled on http-listener. I think this behavior has started to happen since EAP 7.2.0 that incorporates UNDERTOW-1280 and UNDERTOW-1282 (via EAP7-834).
Servlet API javax.servlet.ServletRequest says:
- getLocalPort() returns the Internet Protocol (IP) port number of the interface on which the request was received.
- getLocalAddr() returns the Internet Protocol (IP) address of the interface on which the request was received.
- getLocalName() returns the host name of the Internet Protocol (IP) interface on which the request was received.
So, it should return the actual IP address/port and host name of the binding interface of the listener.
However, when ProxyPeerAddressHandler is enabled (e.g. proxy-address-forwarding="true" is specified), the X-Forwarded-Host/X-Forwarded-Port headers affect the results of the above methods. Similarly, when ForwardedHandler is enabled, the Forwarded header affects the results of the above methods. It's okay that these headers affects the results of getServerName() and getServerPort() with these handlers, but I think it should not affect the results of getLocalPort(), getLocalAddr() and getLocalName().
- duplicates
-
WFLY-14815 ServletRequest#getLocalPort(), getLocalAddr() and getLocalName() can return wrong information when proxy-address-forwarding="true" is enabled
- Closed