Package org.eclipse.jetty.server
Class ForwardedRequestCustomizer
java.lang.Object
org.eclipse.jetty.server.ForwardedRequestCustomizer
- All Implemented Interfaces:
HttpConfiguration.Customizer
Customize Requests for Proxy Forwarding.
This customizer looks at at HTTP request for headers that indicate it has been forwarded by one or more proxies. Specifically handled are
Forwarded
, as defined by rfc7239X-Forwarded-Host
X-Forwarded-Server
X-Forwarded-For
X-Forwarded-Proto
X-Proxied-Https
If these headers are present, then the Request
object is updated
so that the proxy is not seen as the other end point of the connection on which
the request came
Headers can also be defined so that forwarded SSL Session IDs and Cipher suites may be customised
The Authority (host and port) is updated on the Request
object based
on the host / port information in the following search order.
# | Value Origin | Host | Port | Protocol | Notes |
---|---|---|---|---|---|
1 | Forwarded Header |
"host=<host> " param (Required) |
"host=<host>:<port> param (Implied) |
"proto=<value> " param (Optional) |
From left-most relevant parameter (see rfc7239) |
2 | X-Forwarded-Host Header |
Required | Implied | n/a | left-most value |
3 | X-Forwarded-Port Header |
n/a | Required | n/a | left-most value (only if getForwardedPortAsAuthority() is true) |
4 | X-Forwarded-Server Header |
Required | Optional | n/a | left-most value |
5 | X-Forwarded-Proto Header |
n/a | Implied from value | Required |
left-most value becomes protocol.
|
6 | X-Proxied-Https Header |
n/a | Implied from value | boolean |
left-most value determines protocol and port.
|
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic enum
Ordered Source Enum. -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
customize
(Connector connector, HttpConfiguration config, Request request) boolean
Get the forwardedProtoHeader.protected static String
getLeftMost
(String headerValue) boolean
protected static int
getSecurePort
(HttpConfiguration config) boolean
protected void
void
setForcedHost
(String hostAndPort) Set a forced valued for the host header to control what is returned byServletRequest.getServerName()
andServletRequest.getServerPort()
.void
setForwardedCipherSuiteHeader
(String forwardedCipherSuiteHeader) void
setForwardedForHeader
(String forwardedRemoteAddressHeader) void
setForwardedHeader
(String forwardedHeader) void
setForwardedHostHeader
(String forwardedHostHeader) void
setForwardedHttpsHeader
(String forwardedHttpsHeader) void
setForwardedOnly
(boolean rfc7239only) void
setForwardedPortAsAuthority
(boolean forwardedPortAsAuthority) Set if the X-Forwarded-Port header will be used for Authorityvoid
setForwardedPortHeader
(String forwardedPortHeader) void
setForwardedProtoHeader
(String forwardedProtoHeader) Set the forwardedProtoHeader.void
setForwardedServerHeader
(String forwardedServerHeader) void
setForwardedSslSessionIdHeader
(String forwardedSslSessionIdHeader) void
setHostHeader
(String hostHeader) Set a forced valued for the host header to control what is returned byServletRequest.getServerName()
andServletRequest.getServerPort()
.void
setProxyAsAuthority
(boolean proxyAsAuthority) void
setSslIsSecure
(boolean sslIsSecure) toString()
-
Constructor Details
-
ForwardedRequestCustomizer
public ForwardedRequestCustomizer()
-
-
Method Details
-
getProxyAsAuthority
public boolean getProxyAsAuthority()- Returns:
- true if the proxy address obtained via
X-Forwarded-Server
or RFC7239 "by" is used as the request authority. Default false
-
setProxyAsAuthority
public void setProxyAsAuthority(boolean proxyAsAuthority) - Parameters:
proxyAsAuthority
- if true, use the proxy address obtained viaX-Forwarded-Server
or RFC7239 "by" as the request authority.
-
setForwardedOnly
public void setForwardedOnly(boolean rfc7239only) - Parameters:
rfc7239only
- Configure to only support the RFC7239 Forwarded header and to not support anyX-Forwarded-
headers. This convenience method clears all the non RFC headers if passed true and sets them to the default values (if not already set) if passed false.
-
getForcedHost
-
setForcedHost
Set a forced valued for the host header to control what is returned byServletRequest.getServerName()
andServletRequest.getServerPort()
.- Parameters:
hostAndPort
- The value of the host header to force.
-
getForwardedHeader
- Returns:
- The header name for RFC forwarded (default Forwarded)
-
setForwardedHeader
- Parameters:
forwardedHeader
- The header name for RFC forwarded (default Forwarded)
-
getForwardedHostHeader
-
setForwardedHostHeader
- Parameters:
forwardedHostHeader
- The header name for forwarded hosts (defaultX-Forwarded-Host
)
-
getForwardedServerHeader
- Returns:
- the header name for forwarded server.
-
setForwardedServerHeader
- Parameters:
forwardedServerHeader
- The header name for forwarded server (defaultX-Forwarded-Server
)
-
getForwardedForHeader
- Returns:
- the forwarded for header
-
setForwardedForHeader
- Parameters:
forwardedRemoteAddressHeader
- The header name for forwarded for (defaultX-Forwarded-For
)
-
getForwardedPortHeader
-
setForwardedPortHeader
- Parameters:
forwardedPortHeader
- The header name for forwarded hosts (defaultX-Forwarded-Port
)
-
getForwardedPortAsAuthority
public boolean getForwardedPortAsAuthority()- Returns:
- if true, the X-Forwarded-Port header applies to the authority, else it applies to the remote client address
-
setForwardedPortAsAuthority
public void setForwardedPortAsAuthority(boolean forwardedPortAsAuthority) Set if the X-Forwarded-Port header will be used for Authority- Parameters:
forwardedPortAsAuthority
- if true, the X-Forwarded-Port header applies to the authority, else it applies to the remote client address
-
getForwardedProtoHeader
Get the forwardedProtoHeader.- Returns:
- the forwardedProtoHeader (default
X-Forwarded-Proto
)
-
setForwardedProtoHeader
Set the forwardedProtoHeader.- Parameters:
forwardedProtoHeader
- the forwardedProtoHeader to set (defaultX-Forwarded-Proto
)
-
getForwardedCipherSuiteHeader
- Returns:
- The header name holding a forwarded cipher suite (default
Proxy-auth-cert
)
-
setForwardedCipherSuiteHeader
- Parameters:
forwardedCipherSuiteHeader
- The header name holding a forwarded cipher suite (defaultProxy-auth-cert
)
-
getForwardedSslSessionIdHeader
- Returns:
- The header name holding a forwarded SSL Session ID (default
Proxy-ssl-id
)
-
setForwardedSslSessionIdHeader
- Parameters:
forwardedSslSessionIdHeader
- The header name holding a forwarded SSL Session ID (defaultProxy-ssl-id
)
-
getForwardedHttpsHeader
- Returns:
- The header name holding a forwarded Https status indicator (on|off true|false) (default
X-Proxied-Https
)
-
setForwardedHttpsHeader
- Parameters:
forwardedHttpsHeader
- the header name holding a forwarded Https status indicator(defaultX-Proxied-Https
)
-
isSslIsSecure
public boolean isSslIsSecure()- Returns:
- true if the presence of an SSL session or certificate header is sufficient to indicate a secure request (default is true)
-
setSslIsSecure
public void setSslIsSecure(boolean sslIsSecure) - Parameters:
sslIsSecure
- true if the presence of an SSL session or certificate header is sufficient to indicate a secure request (default is true)
-
customize
- Specified by:
customize
in interfaceHttpConfiguration.Customizer
-
getSecurePort
-
onError
-
getLeftMost
-
toString
-
getHostHeader
-
setHostHeader
Set a forced valued for the host header to control what is returned byServletRequest.getServerName()
andServletRequest.getServerPort()
.- Parameters:
hostHeader
- The value of the host header to force.
-