Use 'X-Forwarded-Port' as preferred source for remote port

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-10-08 11:51:57 +0200
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-10-08 11:51:57 +0200
commit: 37ee81bcb2a3eede4cdf1f162e489999a8a75efd (patch)
tree: 9d4efee01bcc4f2aeff9266f56e3cf4fb6eee6d1 /jdisc_http_service
parent: 8ddecf071e1d23f985649bb1029c802c6045de6e (diff)
2 files changed, 16 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
index 1d3edc1240e..2758331181b 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLog.java
@@ -31,6 +31,7 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog
 
     // TODO These hardcoded headers should be provided by config instead
     private static final String HEADER_NAME_X_FORWARDED_FOR = "x-forwarded-for";
+    private static final String HEADER_NAME_X_FORWARDED_PORT = "X-Forwarded-Port";
     private static final String HEADER_NAME_Y_RA = "y-ra";
     private static final String HEADER_NAME_Y_RP = "y-rp";
     private static final String HEADER_NAME_YAHOOREMOTEIP = "yahooremoteip";
@@ -127,7 +128,8 @@ public class AccessLogRequestLog extends AbstractLifeCycle implements RequestLog
     }
 
     private static int getRemotePort(final HttpServletRequest request) {
-        return Optional.ofNullable(request.getHeader(HEADER_NAME_Y_RP))
+        return Optional.ofNullable(request.getHeader(HEADER_NAME_X_FORWARDED_PORT))
+                .or(() -> Optional.ofNullable(request.getHeader(HEADER_NAME_Y_RP)))
                 .map(Integer::valueOf)
                 .orElseGet(request::getRemotePort);
     }
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java
index 3a605040742..580533be4c3 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/AccessLogRequestLogTest.java
@@ -82,6 +82,19 @@ public class AccessLogRequestLogTest {
         assertThat(accessLogEntry.getRemoteAddress(), is("1.2.3.4"));
     }
 
+    @Test
+    public void verify_x_forwarded_port_precedence () {
+        AccessLogEntry accessLogEntry = new AccessLogEntry();
+        Request jettyRequest = createRequestMock(accessLogEntry);
+        when(jettyRequest.getRequestURI()).thenReturn("//search/");
+        when(jettyRequest.getQueryString()).thenReturn("q=%%2");
+        when(jettyRequest.getHeader("X-Forwarded-Port")).thenReturn("80");
+        when(jettyRequest.getHeader("y-rp")).thenReturn("8080");
+
+        new AccessLogRequestLog(mock(AccessLog.class)).log(jettyRequest, createResponseMock());
+        assertThat(accessLogEntry.getRemotePort(), is(80));
+    }
+
     private static Request createRequestMock(AccessLogEntry entry) {
         Request request = mock(Request.class);
         when(request.getAttribute(JDiscHttpServlet.ATTRIBUTE_NAME_ACCESS_LOG_ENTRY)).thenReturn(entry);
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-10-08 11:51:57 +0200
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-10-08 11:51:57 +0200
commit	37ee81bcb2a3eede4cdf1f162e489999a8a75efd (patch)
tree	9d4efee01bcc4f2aeff9266f56e3cf4fb6eee6d1 /jdisc_http_service
parent	8ddecf071e1d23f985649bb1029c802c6045de6e (diff)