diff options
author | Frode Lundgren <frodelu@yahoo-inc.com> | 2018-04-04 20:13:26 +0200 |
---|---|---|
committer | Frode Lundgren <frodelu@yahoo-inc.com> | 2018-04-04 20:13:26 +0200 |
commit | 77fb5da6246ae33860005f4045bc6d308f206a4a (patch) | |
tree | 9829de84bc27672feeebaba23f0dbb9b153e48bf /jdisc_http_service | |
parent | 400a5fa4bd9627476e7302a98aa27cb808d92493 (diff) |
Let X-Forwarded-For HTTP header take precedence for remote address in access log
Diffstat (limited to 'jdisc_http_service')
2 files changed, 16 insertions, 3 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java index cc2cb0e1f91..3fcc5a496df 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java @@ -35,10 +35,10 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog private static final Logger logger = Logger.getLogger(AccessLogRequestLog.class.getName()); + private static final String HEADER_NAME_X_FORWARDED_FOR = "x-forwarded-for"; private static final String HEADER_NAME_Y_RA = "y-ra"; private static final String HEADER_NAME_Y_RP = "y-rp"; private static final String HEADER_NAME_YAHOOREMOTEIP = "yahooremoteip"; - private static final String HEADER_NAME_X_FORWARDED_FOR = "x-forwarded-for"; private static final String HEADER_NAME_CLIENT_IP = "client-ip"; private final AccessLog accessLog; @@ -123,9 +123,9 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog } private static String getRemoteAddress(final HttpServletRequest request) { - return Alternative.preferred(request.getHeader(HEADER_NAME_Y_RA)) + return Alternative.preferred(request.getHeader(HEADER_NAME_X_FORWARDED_FOR)) + .alternatively(() -> request.getHeader(HEADER_NAME_Y_RA)) .alternatively(() -> request.getHeader(HEADER_NAME_YAHOOREMOTEIP)) - .alternatively(() -> request.getHeader(HEADER_NAME_X_FORWARDED_FOR)) .alternatively(() -> request.getHeader(HEADER_NAME_CLIENT_IP)) .orElseGet(request::getRemoteAddr); } diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java index cdcd2d76883..1048d7b6422 100644 --- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java +++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java @@ -90,4 +90,17 @@ public class AccessLogRequestLogTest { assertThat(actualRawQuery.get(), is(rawQuery)); } + @Test + public void verify_x_forwarded_for_precedence () { + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + when(httpServletRequest.getRequestURI()).thenReturn("//search/"); + when(httpServletRequest.getQueryString()).thenReturn("q=%%2"); + when(httpServletRequest.getHeader("x-forwarded-for")).thenReturn("1.2.3.4"); + when(httpServletRequest.getHeader("y-ra")).thenReturn("2.3.4.5"); + + AccessLogEntry accessLogEntry = new AccessLogEntry(); + AccessLogRequestLog.populateAccessLogEntryFromHttpServletRequest(httpServletRequest, accessLogEntry); + assertThat(accessLogEntry.getRemoteAddress(), is("1.2.3.4")); + } + } |