Package org.eclipse.jetty.server

Class ForwardedRequestCustomizer

  • All Implemented Interfaces:
    HttpConfiguration.Customizer
    public class ForwardedRequestCustomizer
extends java.lang.Object
implements HttpConfiguration.Customizer
    Customize Requests for Proxy Forwarding.

    This customizer looks at at HTTP request for headers that indicate it has been forwarded by one or more proxies. Specifically handled are

    • Forwarded, as defined by rfc7239
    • X-Forwarded-Host
    • X-Forwarded-Server
    • X-Forwarded-For
    • X-Forwarded-Proto
    • X-Proxied-Https

    If these headers are present, then the Request object is updated so that the proxy is not seen as the other end point of the connection on which the request came

    Headers can also be defined so that forwarded SSL Session IDs and Cipher suites may be customised

    The Authority (host and port) is updated on the Request object based on the host / port information in the following search order.

    Request Authority Search Order
    # Value Origin Host Port Protocol Notes
    1 Forwarded Header "host=<host>" param (Required) "host=<host>:<port> param (Implied) "proto=<value>" param (Optional) From left-most relevant parameter (see rfc7239)
    2 X-Forwarded-Host Header Required Implied n/a left-most value
    3 X-Forwarded-Port Header n/a Required n/a left-most value (only if getForwardedPortAsAuthority() is true)
    4 X-Forwarded-Server Header Required Optional n/a left-most value
    5 X-Forwarded-Proto Header n/a Implied from value Required

    left-most value becomes protocol.
    6 X-Proxied-Https Header n/a Implied from value boolean

    left-most value determines protocol and port.
    See Also:
    Wikipedia: X-Forwarded-For, RFC 7239: Forwarded HTTP Extension

    • Constructor Detail

      • ForwardedRequestCustomizer

        public ForwardedRequestCustomizer()

    • Method Detail

      • getProxyAsAuthority

        public boolean getProxyAsAuthority()
        Returns:
        true if the proxy address obtained via X-Forwarded-Server or RFC7239 "by" is used as the request authority. Default false

      • setProxyAsAuthority

        public void setProxyAsAuthority​(boolean proxyAsAuthority)
        Parameters:
        proxyAsAuthority - if true, use the proxy address obtained via X-Forwarded-Server or RFC7239 "by" as the request authority.

      • setForwardedOnly

        public void setForwardedOnly​(boolean rfc7239only)
        Parameters:
        rfc7239only - Configure to only support the RFC7239 Forwarded header and to not support any X-Forwarded- headers. This convenience method clears all the non RFC headers if passed true and sets them to the default values (if not already set) if passed false.

      • getForcedHost

        public java.lang.String getForcedHost()

      • setForcedHost

        public void setForcedHost​(java.lang.String hostAndPort)
        Set a forced valued for the host header to control what is returned by ServletRequest.getServerName() and ServletRequest.getServerPort().
        Parameters:
        hostAndPort - The value of the host header to force.

      • getForwardedHeader

        public java.lang.String getForwardedHeader()
        Returns:
        The header name for RFC forwarded (default Forwarded)

      • setForwardedHeader

        public void setForwardedHeader​(java.lang.String forwardedHeader)
        Parameters:
        forwardedHeader - The header name for RFC forwarded (default Forwarded)

      • getForwardedHostHeader

        public java.lang.String getForwardedHostHeader()

      • setForwardedHostHeader

        public void setForwardedHostHeader​(java.lang.String forwardedHostHeader)
        Parameters:
        forwardedHostHeader - The header name for forwarded hosts (default X-Forwarded-Host)

      • getForwardedServerHeader

        public java.lang.String getForwardedServerHeader()
        Returns:
        the header name for forwarded server.

      • setForwardedServerHeader

        public void setForwardedServerHeader​(java.lang.String forwardedServerHeader)
        Parameters:
        forwardedServerHeader - The header name for forwarded server (default X-Forwarded-Server)

      • getForwardedForHeader

        public java.lang.String getForwardedForHeader()
        Returns:
        the forwarded for header

      • setForwardedForHeader

        public void setForwardedForHeader​(java.lang.String forwardedRemoteAddressHeader)
        Parameters:
        forwardedRemoteAddressHeader - The header name for forwarded for (default X-Forwarded-For)

      • getForwardedPortHeader

        public java.lang.String getForwardedPortHeader()

      • setForwardedPortHeader

        public void setForwardedPortHeader​(java.lang.String forwardedPortHeader)
        Parameters:
        forwardedPortHeader - The header name for forwarded hosts (default X-Forwarded-Port)

      • getForwardedPortAsAuthority

        public boolean getForwardedPortAsAuthority()
        Returns:
        if true, the X-Forwarded-Port header applies to the authority, else it applies to the remote client address

      • setForwardedPortAsAuthority

        public void setForwardedPortAsAuthority​(boolean forwardedPortAsAuthority)
        Set if the X-Forwarded-Port header will be used for Authority
        Parameters:
        forwardedPortAsAuthority - if true, the X-Forwarded-Port header applies to the authority, else it applies to the remote client address

      • getForwardedProtoHeader

        public java.lang.String getForwardedProtoHeader()
        Get the forwardedProtoHeader.
        Returns:
        the forwardedProtoHeader (default X-Forwarded-Proto)

      • setForwardedProtoHeader

        public void setForwardedProtoHeader​(java.lang.String forwardedProtoHeader)
        Set the forwardedProtoHeader.
        Parameters:
        forwardedProtoHeader - the forwardedProtoHeader to set (default X-Forwarded-Proto)

      • getForwardedCipherSuiteHeader

        public java.lang.String getForwardedCipherSuiteHeader()
        Returns:
        The header name holding a forwarded cipher suite (default Proxy-auth-cert)

      • setForwardedCipherSuiteHeader

        public void setForwardedCipherSuiteHeader​(java.lang.String forwardedCipherSuiteHeader)
        Parameters:
        forwardedCipherSuiteHeader - The header name holding a forwarded cipher suite (default Proxy-auth-cert)

      • getForwardedSslSessionIdHeader

        public java.lang.String getForwardedSslSessionIdHeader()
        Returns:
        The header name holding a forwarded SSL Session ID (default Proxy-ssl-id)

      • setForwardedSslSessionIdHeader

        public void setForwardedSslSessionIdHeader​(java.lang.String forwardedSslSessionIdHeader)
        Parameters:
        forwardedSslSessionIdHeader - The header name holding a forwarded SSL Session ID (default Proxy-ssl-id)

      • getForwardedHttpsHeader

        public java.lang.String getForwardedHttpsHeader()
        Returns:
        The header name holding a forwarded Https status indicator (on|off true|false) (default X-Proxied-Https)

      • setForwardedHttpsHeader

        public void setForwardedHttpsHeader​(java.lang.String forwardedHttpsHeader)
        Parameters:
        forwardedHttpsHeader - the header name holding a forwarded Https status indicator(default X-Proxied-Https)

      • isSslIsSecure

        public boolean isSslIsSecure()
        Returns:
        true if the presence of an SSL session or certificate header is sufficient to indicate a secure request (default is true)

      • setSslIsSecure

        public void setSslIsSecure​(boolean sslIsSecure)
        Parameters:
        sslIsSecure - true if the presence of an SSL session or certificate header is sufficient to indicate a secure request (default is true)

      • onError

        protected void onError​(HttpField field,
                       java.lang.Throwable t)

      • getLeftMost

        protected static java.lang.String getLeftMost​(java.lang.String headerValue)

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object

      • getHostHeader

        @Deprecated
public java.lang.String getHostHeader()
        Deprecated.

      • setHostHeader

        @Deprecated
public void setHostHeader​(java.lang.String hostHeader)
        Deprecated.
        Set a forced valued for the host header to control what is returned by ServletRequest.getServerName() and ServletRequest.getServerPort().
        Parameters:
        hostHeader - The value of the host header to force.