diff options
author | Jon Bratseth <bratseth@oath.com> | 2018-04-04 20:35:54 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-04 20:35:54 +0200 |
commit | 08bcb0eeffe5ebf9e94aea9d719abda2662bdaf1 (patch) | |
tree | c666649a3881c0a121c81b3dd46c968622b6f69a | |
parent | 06b5e4f931ae3fc08bed5b25c85b9f9fa63d7f22 (diff) | |
parent | 77fb5da6246ae33860005f4045bc6d308f206a4a (diff) |
Merge pull request #5460 from vespa-engine/frodelu/x-forwarded-for-presedence
X-Forwarded-For HTTP header take precedence for remote address in access log
2 files changed, 16 insertions, 3 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java index cc2cb0e1f91..3fcc5a496df 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java @@ -35,10 +35,10 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog private static final Logger logger = Logger.getLogger(AccessLogRequestLog.class.getName()); + private static final String HEADER_NAME_X_FORWARDED_FOR = "x-forwarded-for"; private static final String HEADER_NAME_Y_RA = "y-ra"; private static final String HEADER_NAME_Y_RP = "y-rp"; private static final String HEADER_NAME_YAHOOREMOTEIP = "yahooremoteip"; - private static final String HEADER_NAME_X_FORWARDED_FOR = "x-forwarded-for"; private static final String HEADER_NAME_CLIENT_IP = "client-ip"; private final AccessLog accessLog; @@ -123,9 +123,9 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog } private static String getRemoteAddress(final HttpServletRequest request) { - return Alternative.preferred(request.getHeader(HEADER_NAME_Y_RA)) + return Alternative.preferred(request.getHeader(HEADER_NAME_X_FORWARDED_FOR)) + .alternatively(() -> request.getHeader(HEADER_NAME_Y_RA)) .alternatively(() -> request.getHeader(HEADER_NAME_YAHOOREMOTEIP)) - .alternatively(() -> request.getHeader(HEADER_NAME_X_FORWARDED_FOR)) .alternatively(() -> request.getHeader(HEADER_NAME_CLIENT_IP)) .orElseGet(request::getRemoteAddr); } diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java index cdcd2d76883..1048d7b6422 100644 --- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java +++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java @@ -90,4 +90,17 @@ public class AccessLogRequestLogTest { assertThat(actualRawQuery.get(), is(rawQuery)); } + @Test + public void verify_x_forwarded_for_precedence () { + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + when(httpServletRequest.getRequestURI()).thenReturn("//search/"); + when(httpServletRequest.getQueryString()).thenReturn("q=%%2"); + when(httpServletRequest.getHeader("x-forwarded-for")).thenReturn("1.2.3.4"); + when(httpServletRequest.getHeader("y-ra")).thenReturn("2.3.4.5"); + + AccessLogEntry accessLogEntry = new AccessLogEntry(); + AccessLogRequestLog.populateAccessLogEntryFromHttpServletRequest(httpServletRequest, accessLogEntry); + assertThat(accessLogEntry.getRemoteAddress(), is("1.2.3.4")); + } + } |