public class ForwardedRequestCustomizer extends Object implements HttpConfiguration.Customizer
This customizer looks at at HTTP request for headers that indicate it has been forwarded by one or more proxies. Specifically handled are
Forwarded
, as defined by rfc7239
X-Forwarded-Host
X-Forwarded-Server
X-Forwarded-For
X-Forwarded-Proto
X-Proxied-Https
If these headers are present, then the Request
object is updated
so that the proxy is not seen as the other end point of the connection on which
the request came
Headers can also be defined so that forwarded SSL Session IDs and Cipher suites may be customised
Constructor and Description |
---|
ForwardedRequestCustomizer() |
public boolean getProxyAsAuthority()
X-Forwarded-Server
or RFC7239 "by" is used as
the request authority. Default falsepublic void setProxyAsAuthority(boolean proxyAsAuthority)
proxyAsAuthority
- if true, use the proxy address obtained via
X-Forwarded-Server
or RFC7239 "by" as the request authority.public void setForwardedOnly(boolean rfc7239only)
rfc7239only
- Configure to only support the RFC7239 Forwarded header and to
not support any X-Forwarded-
headers. This convenience method
clears all the non RFC headers if passed true and sets them to
the default values (if not already set) if passed false.public String getForcedHost()
public void setForcedHost(String hostAndPort)
ServletRequest.getServerName()
and ServletRequest.getServerPort()
.hostAndPort
- The value of the host header to force.public String getForwardedHeader()
public void setForwardedHeader(String forwardedHeader)
forwardedHeader
- The header name for RFC forwarded (default Forwarded)public String getForwardedHostHeader()
public void setForwardedHostHeader(String forwardedHostHeader)
forwardedHostHeader
- The header name for forwarded hosts (default X-Forwarded-Host
)public String getForwardedServerHeader()
public void setForwardedServerHeader(String forwardedServerHeader)
forwardedServerHeader
- The header name for forwarded server (default X-Forwarded-Server
)public String getForwardedForHeader()
public void setForwardedForHeader(String forwardedRemoteAddressHeader)
forwardedRemoteAddressHeader
- The header name for forwarded for (default X-Forwarded-For
)public String getForwardedPortHeader()
public void setForwardedPortHeader(String forwardedPortHeader)
forwardedPortHeader
- The header name for forwarded hosts (default X-Forwarded-Port
)public boolean getForwardedPortAsAuthority()
public void setForwardedPortAsAuthority(boolean forwardedPortAsAuthority)
forwardedPortAsAuthority
- if true, the X-Forwarded-Port header applies to the authority,
else it applies to the remote client addresspublic String getForwardedProtoHeader()
X-Forwarded-Proto
)public void setForwardedProtoHeader(String forwardedProtoHeader)
forwardedProtoHeader
- the forwardedProtoHeader to set (default X-Forwarded-Proto
)public String getForwardedCipherSuiteHeader()
Proxy-auth-cert
)public void setForwardedCipherSuiteHeader(String forwardedCipherSuiteHeader)
forwardedCipherSuiteHeader
- The header name holding a forwarded cipher suite (default Proxy-auth-cert
)public String getForwardedSslSessionIdHeader()
Proxy-ssl-id
)public void setForwardedSslSessionIdHeader(String forwardedSslSessionIdHeader)
forwardedSslSessionIdHeader
- The header name holding a forwarded SSL Session ID (default Proxy-ssl-id
)public String getForwardedHttpsHeader()
X-Proxied-Https
)public void setForwardedHttpsHeader(String forwardedHttpsHeader)
forwardedHttpsHeader
- the header name holding a forwarded Https status indicator(default X-Proxied-Https
)public boolean isSslIsSecure()
public void setSslIsSecure(boolean sslIsSecure)
sslIsSecure
- true if the presence of an SSL session or certificate header is sufficient
to indicate a secure request (default is true)public void customize(Connector connector, HttpConfiguration config, Request request)
customize
in interface HttpConfiguration.Customizer
@Deprecated public String getHostHeader()
@Deprecated public void setHostHeader(String hostHeader)
ServletRequest.getServerName()
and ServletRequest.getServerPort()
.hostHeader
- The value of the host header to force.Copyright © 2010 - 2020 Adobe. All Rights Reserved