From 0bd7c8afba648d89a9ce8f8fbcbf7b7f29192398 Mon Sep 17 00:00:00 2001
From: Andy Wilkinson
Date: Tue, 11 Sep 2018 11:59:13 +0100
Subject: [PATCH] Align server.tomcat.internal-proxies default with RemoteIPValve's default

Closes gh-13798
---
 .../boot/autoconfigure/web/ServerProperties.java | 3 ++-
 .../boot/autoconfigure/web/ServerPropertiesTests.java | 9 ++++++++-
 .../main/asciidoc/appendix-application-properties.adoc | 3 ++-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
index 4046766b0e0..08b86ee5859 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
@@ -610,7 +610,8 @@ public class ServerProperties
 + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
 + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
 + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|"
- + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}";
+ + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" //
+ + "0:0:0:0:0:0:0:1|::1";
 /**
 * Header that holds the incoming protocol, usually named "X-Forwarded-Proto".
diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
index 70d5667084a..aab6bd3cc0c 100644
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
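Review bot: The new `0:0:0:0:0:0:0:1|::1` alternative in ServerProperties.java carries no label, and the line before it ends in a bare `//`, while the neighbouring alternatives are annotated (`// 127/8`, `// 172.16/12`). This regex is the default for `server.tomcat.internal-proxies`, the set of peers RemoteIpValve treats as trusted proxies, so each entry should say what it admits, e.g. `+ "0:0:0:0:0:0:0:1|::1"; // IPv6 loopback`. Only these two spellings of the loopback address are listed, so any other textual form of it presumably stays untrusted. That is the safe direction, but worth stating in the property's Javadoc. The field declaration and that Javadoc start outside the hunk.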
@@ -579,7 +579,8 @@ public class ServerPropertiesTests { + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8 + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12 + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" - + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}"; + + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" // + + "0:0:0:0:0:0:0:1|::1"; assertThat(remoteIpValve.getInternalProxies()).isEqualTo(expectedInternalProxies); } @@ -896,6 +897,12 @@ public class ServerPropertiesTests { .isEqualTo(new AccessLogValve().getRequestAttributesEnabled()); } + @Test + public void tomcatInternalProxiesMatchesDefault() { + assertThat(this.properties.getTomcat().getInternalProxies()) + .isEqualTo(new RemoteIpValve().getInternalProxies()); + } + @Test public void jettyMaxHttpPostSizeMatchesDefault() throws Exception { JettyEmbeddedServletContainerFactory jettyFactory = new JettyEmbeddedServletContainerFactory( diff --git a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc index 230ba73ce06..d72d535e3b4 100644 --- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc +++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc @@ -212,7 +212,8 @@ content into your application; rather pick only the properties that you need. 127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|\\ 172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|\\ 172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|\\ - 172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3} # regular expression matching trusted IP addresses. + 172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|\\ + 0:0:0:0:0:0:0:1|::1 # Regular expression that matches proxies that are to be trusted. server.tomcat.max-connections=10000 # Maximum number of connections that the server will accept and process at any given time. server.tomcat.max-http-header-size=0 # Maximum size in bytes of the HTTP message header. server.tomcat.max-http-post-size=2097152 # Maximum size in bytes of the HTTP post content.
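Review bot: `tomcatInternalProxiesMatchesDefault` in ServerPropertiesTests.java only compares two strings, and the updated literal in the hunk at line 579 does the same, so nothing shows that the pattern accepts the IPv6 loopback forms while still rejecting a non-private address. The value decides which peers may supply forwarding headers such as X-Forwarded-Proto, so a behavioural check belongs next to it, e.g. `assertThat("::1").matches(this.properties.getTomcat().getInternalProxies());` and `assertThat("203.0.113.7").doesNotMatch(this.properties.getTomcat().getInternalProxies());` (the second address is a constructed documentation-range sample). A comment on the test should also say that a failure after a Tomcat upgrade means the upstream trusted set changed and needs review before the new regex is copied over.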