2 // ========================================================================
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.server;
21 import java.net.InetSocketAddress;
23 import javax.servlet.ServletRequest;
25 import org.eclipse.jetty.http.HttpFields;
26 import org.eclipse.jetty.http.HttpHeader;
27 import org.eclipse.jetty.http.HttpScheme;
28 import org.eclipse.jetty.server.HttpConfiguration.Customizer;
31 /* ------------------------------------------------------------ */
32 /** Customize Requests for Proxy Forwarding.
34 * This customizer looks at at HTTP request for headers that indicate
35 * it has been forwarded by one or more proxies. Specifically handled are:
37 * <li>X-Forwarded-Host</li>
38 * <li>X-Forwarded-Server</li>
39 * <li>X-Forwarded-For</li>
40 * <li>X-Forwarded-Proto</li>
42 * <p>If these headers are present, then the {@link Request} object is updated
43 * so that the proxy is not seen as the other end point of the connection on which
44 * the request came</p>
45 * <p>Headers can also be defined so that forwarded SSL Session IDs and Cipher
46 * suites may be customised</p>
47 * @see <a href="http://en.wikipedia.org/wiki/X-Forwarded-For">Wikipedia: X-Forwarded-For</a>
49 public class ForwardedRequestCustomizer implements Customizer
51 private String _hostHeader;
52 private String _forwardedHostHeader = HttpHeader.X_FORWARDED_HOST.toString();
53 private String _forwardedServerHeader = HttpHeader.X_FORWARDED_SERVER.toString();
54 private String _forwardedForHeader = HttpHeader.X_FORWARDED_FOR.toString();
55 private String _forwardedProtoHeader = HttpHeader.X_FORWARDED_PROTO.toString();
56 private String _forwardedCipherSuiteHeader;
57 private String _forwardedSslSessionIdHeader;
60 /* ------------------------------------------------------------ */
61 public String getHostHeader()
66 /* ------------------------------------------------------------ */
68 * Set a forced valued for the host header to control what is returned by {@link ServletRequest#getServerName()} and {@link ServletRequest#getServerPort()}.
71 * The value of the host header to force.
73 public void setHostHeader(String hostHeader)
75 _hostHeader = hostHeader;
78 /* ------------------------------------------------------------ */
81 * @see #setForwarded(boolean)
83 public String getForwardedHostHeader()
85 return _forwardedHostHeader;
88 /* ------------------------------------------------------------ */
90 * @param forwardedHostHeader
91 * The header name for forwarded hosts (default x-forwarded-host)
93 public void setForwardedHostHeader(String forwardedHostHeader)
95 _forwardedHostHeader = forwardedHostHeader;
98 /* ------------------------------------------------------------ */
100 * @return the header name for forwarded server.
102 public String getForwardedServerHeader()
104 return _forwardedServerHeader;
107 /* ------------------------------------------------------------ */
109 * @param forwardedServerHeader
110 * The header name for forwarded server (default x-forwarded-server)
112 public void setForwardedServerHeader(String forwardedServerHeader)
114 _forwardedServerHeader = forwardedServerHeader;
117 /* ------------------------------------------------------------ */
119 * @return the forwarded for header
121 public String getForwardedForHeader()
123 return _forwardedForHeader;
126 /* ------------------------------------------------------------ */
128 * @param forwardedRemoteAddressHeader
129 * The header name for forwarded for (default x-forwarded-for)
131 public void setForwardedForHeader(String forwardedRemoteAddressHeader)
133 _forwardedForHeader = forwardedRemoteAddressHeader;
136 /* ------------------------------------------------------------ */
138 * Get the forwardedProtoHeader.
140 * @return the forwardedProtoHeader (default X-Forwarded-For)
142 public String getForwardedProtoHeader()
144 return _forwardedProtoHeader;
147 /* ------------------------------------------------------------ */
149 * Set the forwardedProtoHeader.
151 * @param forwardedProtoHeader
152 * the forwardedProtoHeader to set (default X-Forwarded-For)
154 public void setForwardedProtoHeader(String forwardedProtoHeader)
156 _forwardedProtoHeader = forwardedProtoHeader;
159 /* ------------------------------------------------------------ */
161 * @return The header name holding a forwarded cipher suite (default null)
163 public String getForwardedCipherSuiteHeader()
165 return _forwardedCipherSuiteHeader;
168 /* ------------------------------------------------------------ */
170 * @param forwardedCipherSuite
171 * The header name holding a forwarded cipher suite (default null)
173 public void setForwardedCipherSuiteHeader(String forwardedCipherSuite)
175 _forwardedCipherSuiteHeader = forwardedCipherSuite;
178 /* ------------------------------------------------------------ */
180 * @return The header name holding a forwarded SSL Session ID (default null)
182 public String getForwardedSslSessionIdHeader()
184 return _forwardedSslSessionIdHeader;
187 /* ------------------------------------------------------------ */
189 * @param forwardedSslSessionId
190 * The header name holding a forwarded SSL Session ID (default null)
192 public void setForwardedSslSessionIdHeader(String forwardedSslSessionId)
194 _forwardedSslSessionIdHeader = forwardedSslSessionId;
197 /* ------------------------------------------------------------ */
199 public void customize(Connector connector, HttpConfiguration config, Request request)
201 HttpFields httpFields = request.getHttpFields();
204 if (getForwardedCipherSuiteHeader()!=null)
206 String cipher_suite=httpFields.getStringField(getForwardedCipherSuiteHeader());
207 if (cipher_suite!=null)
208 request.setAttribute("javax.servlet.request.cipher_suite",cipher_suite);
210 if (getForwardedSslSessionIdHeader()!=null)
212 String ssl_session_id=httpFields.getStringField(getForwardedSslSessionIdHeader());
213 if(ssl_session_id!=null)
215 request.setAttribute("javax.servlet.request.ssl_session_id", ssl_session_id);
216 request.setScheme(HttpScheme.HTTPS.asString());
220 // Retrieving headers from the request
221 String forwardedHost = getLeftMostFieldValue(httpFields,getForwardedHostHeader());
222 String forwardedServer = getLeftMostFieldValue(httpFields,getForwardedServerHeader());
223 String forwardedFor = getLeftMostFieldValue(httpFields,getForwardedForHeader());
224 String forwardedProto = getLeftMostFieldValue(httpFields,getForwardedProtoHeader());
226 if (_hostHeader != null)
228 // Update host header
229 httpFields.put(HttpHeader.HOST.toString(),_hostHeader);
230 request.setServerName(null);
231 request.setServerPort(-1);
232 request.getServerName();
234 else if (forwardedHost != null)
236 // Update host header
237 httpFields.put(HttpHeader.HOST.toString(),forwardedHost);
238 request.setServerName(null);
239 request.setServerPort(-1);
240 request.getServerName();
242 else if (forwardedServer != null)
244 // Use provided server name
245 request.setServerName(forwardedServer);
248 if (forwardedFor != null)
250 request.setRemoteAddr(InetSocketAddress.createUnresolved(forwardedFor,request.getRemotePort()));
253 if (forwardedProto != null)
255 request.setScheme(forwardedProto);
256 if (forwardedProto.equals(config.getSecureScheme()))
257 request.setSecure(true);
261 /* ------------------------------------------------------------ */
262 protected String getLeftMostFieldValue(HttpFields fields, String header)
267 String headerValue = fields.getStringField(header);
269 if (headerValue == null)
272 int commaIndex = headerValue.indexOf(',');
274 if (commaIndex == -1)
280 // The left-most value is the farthest downstream client
281 return headerValue.substring(0,commaIndex);
285 /* ------------------------------------------------------------ */
287 public String toString()
289 return String.format("%s@%x",this.getClass().getSimpleName(),hashCode());