Add support for CIDR notation in RemoteIpFilter
#632
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Context Tomcat's `RemoteIpFilter` currently allows configuring trusted/internal proxies using regexp. When integrating with reverse proxies with a large number of IP addresses, regexp configuration gets cumbersome. # Suggestion I suggest adding support for IP ranges in CIDR notation to make it easier to setup the filter in these cases. For backward compatibility, matching with masks is only performed when the trusted/internal proxies patterns are null. Depending on the feedback I receive on this PR, I may add the same changes to Tomcat's `RemoteIpValve`.
|
I have not looked at your implementation suggestion, but did you notice there is: https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#Remote_CIDR_Filter |
|
Ah, sorry I just realized what you plan. Please ignore my reference to RemoteCIDRFilter. |
|
This PR should use NetMaskSet as well. |
|
Hi, If you want this PR to merge smoothly, please modify this change according to markt‘s comment. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
Tomcat's
RemoteIpFiltercurrently allows configuring trusted/internal proxies using regexp.When integrating with reverse proxies with a large number of IP addresses, regexp configuration gets cumbersome.
Suggestion
I suggest adding support for IP ranges in CIDR notation to make it easier to setup the filter in these cases.
For backward compatibility, matching with masks is only performed when the trusted/internal proxies patterns are null.
Depending on the feedback I receive on this PR, I may add the same changes to Tomcat's
RemoteIpValve.