Package org.eclipse.jetty.server

Class ForwardedRequestCustomizer

java.lang.Object

org.eclipse.jetty.server.ForwardedRequestCustomizer

All Implemented Interfaces:

HttpConfiguration.Customizer

public class ForwardedRequestCustomizer
extends Object
implements HttpConfiguration.Customizer

Customize Requests for Proxy Forwarding.

This customizer looks at at HTTP request for headers that indicate it has been forwarded by one or more proxies. Specifically handled are

• Forwarded, as defined by rfc7239
• X-Forwarded-Host
• X-Forwarded-Server
• X-Forwarded-For
• X-Forwarded-Proto
• X-Proxied-Https

If these headers are present, then the Request object is updated so that the proxy is not seen as the other end point of the connection on which the request came

Headers can also be defined so that forwarded SSL Session IDs and Cipher suites may be customised

The Authority (host and port) is updated on the Request object based on the host / port information in the following search order.

Request Authority Search Order

#	Value Origin	Host	Port	Protocol	Notes
1	Forwarded Header	"host=<host>" param (Required)	"host=<host>:<port> param (Implied)	"proto=<value>" param (Optional)	From left-most relevant parameter (see rfc7239)
2	X-Forwarded-Host Header	Required	Implied	n/a	left-most value
3	X-Forwarded-Port Header	n/a	Required	n/a	left-most value (only if getForwardedPortAsAuthority() is true)
4	X-Forwarded-Server Header	Required	Optional	n/a	left-most value
5	X-Forwarded-Proto Header	n/a	Implied from value	Required	left-most value becomes protocol. Value of "http" means port=80. Value of "HttpConfiguration.getSecureScheme()" means port=HttpConfiguration.getSecurePort().
6	X-Proxied-Https Header	n/a	Implied from value	boolean	left-most value determines protocol and port. Value of "on" means port=HttpConfiguration.getSecurePort(), and protocol=HttpConfiguration.getSecureScheme()). Value of "off" means port=80, and protocol=http.

See Also:

• Wikipedia: X-Forwarded-For
• RFC 7239: Forwarded HTTP Extension

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	ForwardedRequestCustomizer.Source	Ordered Source Enum.

Constructor Summary

Constructors

Constructor	Description
ForwardedRequestCustomizer()

Method Summary

Modifier and Type	Method	Description
void	customize(Connector connector, HttpConfiguration config, Request request)
String	getForcedHost()
String	getForwardedCipherSuiteHeader()
String	getForwardedForHeader()
String	getForwardedHeader()
String	getForwardedHostHeader()
String	getForwardedHttpsHeader()
boolean	getForwardedPortAsAuthority()
String	getForwardedPortHeader()
String	getForwardedProtoHeader()	Get the forwardedProtoHeader.
String	getForwardedServerHeader()
String	getForwardedSslSessionIdHeader()
String	getHostHeader()
protected static String	getLeftMost(String headerValue)
boolean	getProxyAsAuthority()
protected static int	getSecurePort(HttpConfiguration config)
boolean	isSslIsSecure()
protected void	onError(HttpField field, Throwable t)
void	setForcedHost(String hostAndPort)	Set a forced valued for the host header to control what is returned by ServletRequest.getServerName() and ServletRequest.getServerPort().
void	setForwardedCipherSuiteHeader(String forwardedCipherSuiteHeader)
void	setForwardedForHeader(String forwardedRemoteAddressHeader)
void	setForwardedHeader(String forwardedHeader)
void	setForwardedHostHeader(String forwardedHostHeader)
void	setForwardedHttpsHeader(String forwardedHttpsHeader)
void	setForwardedOnly(boolean rfc7239only)
void	setForwardedPortAsAuthority(boolean forwardedPortAsAuthority)	Set if the X-Forwarded-Port header will be used for Authority
void	setForwardedPortHeader(String forwardedPortHeader)
void	setForwardedProtoHeader(String forwardedProtoHeader)	Set the forwardedProtoHeader.
void	setForwardedServerHeader(String forwardedServerHeader)
void	setForwardedSslSessionIdHeader(String forwardedSslSessionIdHeader)
void	setHostHeader(String hostHeader)	Set a forced valued for the host header to control what is returned by ServletRequest.getServerName() and ServletRequest.getServerPort().
void	setProxyAsAuthority(boolean proxyAsAuthority)
void	setSslIsSecure(boolean sslIsSecure)
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details

ForwardedRequestCustomizer

public ForwardedRequestCustomizer()

Method Details

getProxyAsAuthority

public boolean getProxyAsAuthority()

Returns:

true if the proxy address obtained via X-Forwarded-Server or RFC7239 "by" is used as the request authority. Default false

setProxyAsAuthority

public void setProxyAsAuthority(boolean proxyAsAuthority)

Parameters:

proxyAsAuthority - if true, use the proxy address obtained via X-Forwarded-Server or RFC7239 "by" as the request authority.

setForwardedOnly

public void setForwardedOnly(boolean rfc7239only)

Parameters:

rfc7239only - Configure to only support the RFC7239 Forwarded header and to not support any X-Forwarded- headers. This convenience method clears all the non RFC headers if passed true and sets them to the default values (if not already set) if passed false.

getForcedHost

public String getForcedHost()

setForcedHost

public void setForcedHost(String hostAndPort)

Set a forced valued for the host header to control what is returned by ServletRequest.getServerName() and ServletRequest.getServerPort().

Parameters:

hostAndPort - The value of the host header to force.

getForwardedHeader

public String getForwardedHeader()

Returns:

The header name for RFC forwarded (default Forwarded)

setForwardedHeader

public void setForwardedHeader(String forwardedHeader)

Parameters:

forwardedHeader - The header name for RFC forwarded (default Forwarded)

getForwardedHostHeader

public String getForwardedHostHeader()

setForwardedHostHeader

public void setForwardedHostHeader(String forwardedHostHeader)

Parameters:

forwardedHostHeader - The header name for forwarded hosts (default X-Forwarded-Host)

getForwardedServerHeader

public String getForwardedServerHeader()

Returns:

the header name for forwarded server.

setForwardedServerHeader

public void setForwardedServerHeader(String forwardedServerHeader)

Parameters:

forwardedServerHeader - The header name for forwarded server (default X-Forwarded-Server)

getForwardedForHeader

public String getForwardedForHeader()

Returns:

the forwarded for header

setForwardedForHeader

public void setForwardedForHeader(String forwardedRemoteAddressHeader)

Parameters:

forwardedRemoteAddressHeader - The header name for forwarded for (default X-Forwarded-For)

getForwardedPortHeader

public String getForwardedPortHeader()

setForwardedPortHeader

public void setForwardedPortHeader(String forwardedPortHeader)

Parameters:

forwardedPortHeader - The header name for forwarded hosts (default X-Forwarded-Port)

getForwardedPortAsAuthority

public boolean getForwardedPortAsAuthority()

Returns:

if true, the X-Forwarded-Port header applies to the authority, else it applies to the remote client address

setForwardedPortAsAuthority

public void setForwardedPortAsAuthority(boolean forwardedPortAsAuthority)

Set if the X-Forwarded-Port header will be used for Authority

Parameters:

forwardedPortAsAuthority - if true, the X-Forwarded-Port header applies to the authority, else it applies to the remote client address

getForwardedProtoHeader

public String getForwardedProtoHeader()

Get the forwardedProtoHeader.

Returns:

the forwardedProtoHeader (default X-Forwarded-Proto)

setForwardedProtoHeader

public void setForwardedProtoHeader(String forwardedProtoHeader)

Set the forwardedProtoHeader.

Parameters:

forwardedProtoHeader - the forwardedProtoHeader to set (default X-Forwarded-Proto)

getForwardedCipherSuiteHeader

public String getForwardedCipherSuiteHeader()

Returns:

The header name holding a forwarded cipher suite (default Proxy-auth-cert)

setForwardedCipherSuiteHeader

public void setForwardedCipherSuiteHeader(String forwardedCipherSuiteHeader)

Parameters:

forwardedCipherSuiteHeader - The header name holding a forwarded cipher suite (default Proxy-auth-cert)

getForwardedSslSessionIdHeader

public String getForwardedSslSessionIdHeader()

Returns:

The header name holding a forwarded SSL Session ID (default Proxy-ssl-id)

setForwardedSslSessionIdHeader

public void setForwardedSslSessionIdHeader(String forwardedSslSessionIdHeader)

Parameters:

forwardedSslSessionIdHeader - The header name holding a forwarded SSL Session ID (default Proxy-ssl-id)

getForwardedHttpsHeader

public String getForwardedHttpsHeader()

Returns:

The header name holding a forwarded Https status indicator (on|off true|false) (default X-Proxied-Https)

setForwardedHttpsHeader

public void setForwardedHttpsHeader(String forwardedHttpsHeader)

Parameters:

forwardedHttpsHeader - the header name holding a forwarded Https status indicator(default X-Proxied-Https)

isSslIsSecure

public boolean isSslIsSecure()

Returns:

true if the presence of an SSL session or certificate header is sufficient to indicate a secure request (default is true)

setSslIsSecure

public void setSslIsSecure(boolean sslIsSecure)

Parameters:

sslIsSecure - true if the presence of an SSL session or certificate header is sufficient to indicate a secure request (default is true)

customize

public void customize(Connector connector,
 HttpConfiguration config,
 Request request)

Specified by:

customize in interface HttpConfiguration.Customizer

getSecurePort

protected static int getSecurePort(HttpConfiguration config)

onError

protected void onError(HttpField field,
 Throwable t)

getLeftMost

protected static String getLeftMost(String headerValue)

toString

public String toString()

Overrides:

toString in class Object

getHostHeader

public String getHostHeader()

setHostHeader

public void setHostHeader(String hostHeader)

Set a forced valued for the host header to control what is returned by ServletRequest.getServerName() and ServletRequest.getServerPort().

Parameters:

hostHeader - The value of the host header to force.