From e12439c2f4cd8bd7ed9e6789439eeb1f44b5606f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Fern=C3=A1ndez-Victorio?= Date: Tue, 30 Jan 2018 13:33:31 +0000 Subject: [PATCH] Don't forward proto if we receive the header If we receive a header for X-Forwarded-For and we have the parameter forwardIP, we add the IP of this machine to the list of IPs. However for X-Forwarded-Proto it is not a list. We send the proto of the existing request (if forwardIP is enabled). This change honors the header if we receive it --- .../mitre/dsmiley/httpproxy/ProxyServlet.java | 12 ++++++++---- .../dsmiley/httpproxy/ProxyServletTest.java | 18 ++++++++++++++++++ 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/mitre/dsmiley/httpproxy/ProxyServlet.java b/src/main/java/org/mitre/dsmiley/httpproxy/ProxyServlet.java index a17a980e..aadfc43d 100644 --- a/src/main/java/org/mitre/dsmiley/httpproxy/ProxyServlet.java +++ b/src/main/java/org/mitre/dsmiley/httpproxy/ProxyServlet.java @@ -91,7 +91,7 @@ public class ProxyServlet extends HttpServlet { /** A integer parameter name to set the socket read timeout (millis) */ public static final String P_READTIMEOUT = "http.read.timeout"; - + /** The parameter name for the target (destination) URI to proxy to. */ protected static final String P_TARGET_URI = "targetUri"; protected static final String ATTR_TARGET_URI = @@ -173,7 +173,7 @@ public void init() throws ServletException { if (connectTimeoutString != null) { this.connectTimeout = Integer.parseInt(connectTimeoutString); } - + String readTimeoutString = getConfigParam(P_READTIMEOUT); if (readTimeoutString != null) { this.readTimeout = Integer.parseInt(readTimeoutString); @@ -388,8 +388,8 @@ protected void consumeQuietly(HttpEntity entity) { } } - /** - * Copy request headers from the servlet client to the proxy request. + /** + * Copy request headers from the servlet client to the proxy request. * This is easily overridden to add your own. */ protected void copyRequestHeaders(HttpServletRequest servletRequest, HttpRequest proxyRequest) { @@ -446,6 +446,10 @@ private void setXForwardedForHeader(HttpServletRequest servletRequest, String protoHeaderName = "X-Forwarded-Proto"; String protoHeader = servletRequest.getScheme(); + String existingProtoHeader = servletRequest.getHeader(protoHeaderName); + if (existingProtoHeader != null) { + protoHeader = existingProtoHeader; + } proxyRequest.setHeader(protoHeaderName, protoHeader); } } diff --git a/src/test/java/org/mitre/dsmiley/httpproxy/ProxyServletTest.java b/src/test/java/org/mitre/dsmiley/httpproxy/ProxyServletTest.java index 2ad3fcb5..9eb52554 100755 --- a/src/test/java/org/mitre/dsmiley/httpproxy/ProxyServletTest.java +++ b/src/test/java/org/mitre/dsmiley/httpproxy/ProxyServletTest.java @@ -232,6 +232,24 @@ public void handle(HttpRequest request, HttpResponse response, HttpContext conte WebResponse rsp = execAndAssert(req, ""); } + @Test + public void testWithExistingXForwardedProto() throws Exception { + final String PROTO_HEADER = "X-Forwarded-Proto"; + + localTestServer.register("/targetPath*", new RequestInfoHandler() { + public void handle(HttpRequest request, HttpResponse response, HttpContext context) throws HttpException, IOException { + Header xForwardedProtoHeader = request.getFirstHeader(PROTO_HEADER); + assertEquals("https", xForwardedProtoHeader.getValue()); + super.handle(request, response, context); + } + }); + + GetMethodWebRequest req = makeGetMethodRequest(sourceBaseUri); + req.setHeaderField(PROTO_HEADER, "https"); + WebResponse rsp = execAndAssert(req, ""); + } + + @Test public void testEnabledXForwardedFor() throws Exception { final String FOR_HEADER = "X-Forwarded-For";