diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-10-09 11:02:45 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-09 11:02:45 +0200 |
commit | c0156c296d3fdd10f69b11aefb6780069dbf1241 (patch) | |
tree | d0261807536b3968aa8ac23237ab8b4ffff7f69b /jdisc_http_service/src/main | |
parent | efcf8dfae84cd59e3c62793d23b60abb5a06e091 (diff) | |
parent | d093fdab1ae901e03a7aa77747af996dcc4d44f4 (diff) |
Merge pull request #14739 from vespa-engine/bjorncs/jdisc-access-logging
Don't use request headers for remote address/port in hosted Vespa
Diffstat (limited to 'jdisc_http_service/src/main')
3 files changed, 34 insertions, 26 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java index 7085f07585a..e8fd92f8e19 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java @@ -4,6 +4,7 @@ package com.yahoo.jdisc.http.server.jetty; import com.google.common.base.Objects; import com.yahoo.container.logging.AccessLog; import com.yahoo.container.logging.AccessLogEntry; +import com.yahoo.jdisc.http.ServerConfig; import com.yahoo.jdisc.http.servlet.ServletRequest; import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.RequestLog; @@ -15,6 +16,7 @@ import java.security.Principal; import java.security.cert.X509Certificate; import java.util.List; import java.util.Optional; +import java.util.OptionalInt; import java.util.logging.Level; import java.util.logging.Logger; @@ -27,25 +29,21 @@ import static com.yahoo.jdisc.http.core.HttpServletRequestUtils.getConnectorLoca * @author Oyvind Bakksjo * @author bjorncs */ -public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog { +class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog { private static final Logger logger = Logger.getLogger(AccessLogRequestLog.class.getName()); - // TODO These hardcoded headers should be provided by config instead - private static final String HEADER_NAME_X_FORWARDED_FOR = "x-forwarded-for"; - private static final String HEADER_NAME_X_FORWARDED_PORT = "X-Forwarded-Port"; - private static final String HEADER_NAME_Y_RA = "y-ra"; - private static final String HEADER_NAME_Y_RP = "y-rp"; - private static final String HEADER_NAME_YAHOOREMOTEIP = "yahooremoteip"; - private static final String HEADER_NAME_CLIENT_IP = "client-ip"; - // HTTP headers that are logged as extra key-value-pairs in access log entries private static final List<String> LOGGED_REQUEST_HEADERS = List.of("Vespa-Client-Version"); private final AccessLog accessLog; + private final List<String> remoteAddressHeaders; + private final List<String> remotePortHeaders; - public AccessLogRequestLog(AccessLog accessLog) { + AccessLogRequestLog(AccessLog accessLog, ServerConfig.AccessLog config) { this.accessLog = accessLog; + this.remoteAddressHeaders = config.remoteAddressHeaders(); + this.remotePortHeaders = config.remotePortHeaders(); } @Override @@ -121,26 +119,30 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog } } - private static String getRemoteAddress(HttpServletRequest request) { - return Optional.ofNullable(request.getHeader(HEADER_NAME_X_FORWARDED_FOR)) - .or(() -> Optional.ofNullable(request.getHeader(HEADER_NAME_Y_RA))) - .or(() -> Optional.ofNullable(request.getHeader(HEADER_NAME_YAHOOREMOTEIP))) - .or(() -> Optional.ofNullable(request.getHeader(HEADER_NAME_CLIENT_IP))) - .orElseGet(request::getRemoteAddr); + private String getRemoteAddress(HttpServletRequest request) { + for (String header : remoteAddressHeaders) { + String value = request.getHeader(header); + if (value != null) return value; + } + return request.getRemoteAddr(); } - private static int getRemotePort(HttpServletRequest request) { - return Optional.ofNullable(request.getHeader(HEADER_NAME_X_FORWARDED_PORT)) - .or(() -> Optional.ofNullable(request.getHeader(HEADER_NAME_Y_RP))) - .flatMap(AccessLogRequestLog::parsePort) - .orElseGet(request::getRemotePort); + private int getRemotePort(HttpServletRequest request) { + for (String header : remotePortHeaders) { + String value = request.getHeader(header); + if (value != null) { + OptionalInt maybePort = parsePort(value); + if (maybePort.isPresent()) return maybePort.getAsInt(); + } + } + return request.getRemotePort(); } - private static Optional<Integer> parsePort(String port) { + private static OptionalInt parsePort(String port) { try { - return Optional.of(Integer.valueOf(port)); + return OptionalInt.of(Integer.parseInt(port)); } catch (IllegalArgumentException e) { - return Optional.empty(); + return OptionalInt.empty(); } } diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java index c826f52a865..45dc9144ffe 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyHttpServer.java @@ -147,7 +147,7 @@ public class JettyHttpServer extends AbstractServerProvider { server = new Server(); server.setStopTimeout((long)(serverConfig.stopTimeout() * 1000.0)); - server.setRequestLog(new AccessLogRequestLog(accessLog)); + server.setRequestLog(new AccessLogRequestLog(accessLog, serverConfig.accessLog())); setupJmx(server, serverConfig); ((QueuedThreadPool)server.getThreadPool()).setMaxThreads(serverConfig.maxWorkerThreads()); diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.jdisc.http.server.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.jdisc.http.server.def index 0cb5b89b20c..3118a7dea64 100644 --- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.jdisc.http.server.def +++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.jdisc.http.server.def @@ -43,4 +43,10 @@ jmx.listenPort int default = 1099 metric.monitoringHandlerPaths[] string # Paths that should be reported with search dimensions where applicable -metric.searchHandlerPaths[] string
\ No newline at end of file +metric.searchHandlerPaths[] string + +# HTTP request headers that contain remote address +accessLog.remoteAddressHeaders[] string + +# HTTP request headers that contain remote port +accessLog.remotePortHeaders[] string |