public class XForwardedRemoteAddressResolver extends Object implements RemoteAddressResolver

RemoteAddressResolver and ServerHttpRequest.getRemoteAddress(). Use the static constructor method that meets your security requirements.

Modifier and Type | Field and Description |
---|---|
static String | X_FORWARDED_FOR: Forwarded-For header name. |

Modifier and Type | Method and Description |
---|---|
static XForwardedRemoteAddressResolver | maxTrustedIndex(int maxTrustedIndex): trusted IP address found in the X-Forwarded-For header (when present). |
InetSocketAddress | resolve(org.springframework.web.server.ServerWebExchange exchange): The X-Forwarded-For header contains a comma separated list of IP addresses. |
static XForwardedRemoteAddressResolver | trustAll() |

public static final String X_FORWARDED_FOR

public static XForwardedRemoteAddressResolver trustAll()

XForwardedRemoteAddressResolver which always extracts the first IP address found in the X-Forwarded-For header (when present). Equivalent to calling maxTrustedIndex(int) with a maxTrustedIndex of Integer.MAX_VALUE. This configuration is vulnerable to spoofing via manually setting the X-Forwarded-For header. If the resulting IP address is used for security purposes, use maxTrustedIndex(int) instead.

public static XForwardedRemoteAddressResolver maxTrustedIndex(int maxTrustedIndex)

maxTrustedIndex | result |
---|---|
[MIN_VALUE,0] | IllegalArgumentException |
1 | 0.0.0.3 |
2 | 0.0.0.2 |
3 | 0.0.0.1 |
[4, MAX_VALUE] | 0.0.0.1 |

maxTrustedIndex - correlates to the number of trusted proxies expected in front of Spring Cloud Gateway (index starts at 1).

XForwardedRemoteAddressResolver which extracts the last

public InetSocketAddress resolve(org.springframework.web.server.ServerWebExchange exchange)
resolve in interface RemoteAddressResolver
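
The maxTrustedIndex table and the trustAll() spoofing warning above, modelled in standalone Java as an added example; this is not Spring Cloud Gateway's own code. The class XffTrustedIndexDemo, the helper pick and both header values are constructed for illustration, and the spoofing case assumes a single trusted proxy that appends the peer address it saw to the header.

```java
import java.util.ArrayList;
import java.util.List;

public class XffTrustedIndexDemo {

    // Model of the maxTrustedIndex table: count that many entries from the
    // right-hand end of the header, stopping at the left-most entry if the
    // list is shorter. Not the Spring Cloud Gateway source.
    static String pick(String xForwardedFor, int maxTrustedIndex) {
        if (maxTrustedIndex < 1) {
            throw new IllegalArgumentException("maxTrustedIndex must be >= 1");
        }
        List<String> hops = new ArrayList<>();
        for (String part : xForwardedFor.split(",")) {
            String hop = part.trim();
            if (!hop.isEmpty()) {
                hops.add(hop);
            }
        }
        if (hops.isEmpty()) {
            return null; // no usable header value: caller uses the socket address
        }
        int fromRight = Math.min(hops.size(), maxTrustedIndex);
        return hops.get(hops.size() - fromRight);
    }

    public static void main(String[] args) {
        // Constructed header that reproduces the table rows.
        String header = "0.0.0.1, 0.0.0.2, 0.0.0.3";
        for (int index : new int[] {1, 2, 3, 4, Integer.MAX_VALUE}) {
            System.out.println(index + " -> " + pick(header, index));
        }

        // Constructed spoofing case: the client sent its own X-Forwarded-For
        // value (198.51.100.23) and the single trusted proxy appended the
        // address it actually saw (203.0.113.7).
        String spoofed = "198.51.100.23, 203.0.113.7";
        System.out.println("trustAll           -> " + pick(spoofed, Integer.MAX_VALUE));
        System.out.println("maxTrustedIndex(1) -> " + pick(spoofed, 1));
    }
}
```

With the trustAll setting the client-supplied 198.51.100.23 is selected, while an index of 1 selects the proxy-appended 203.0.113.7.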
Copyright © 2020 Pivotal Software, Inc.. All rights reserved.