Class ForwardedRequestCustomizer

java.lang.Object
org.eclipse.jetty.server.ForwardedRequestCustomizer
All Implemented Interfaces:
HttpConfiguration.Customizer

public class ForwardedRequestCustomizer extends Object implements HttpConfiguration.Customizer
Customize Requests for Proxy Forwarding.

This customizer looks at at HTTP request for headers that indicate it has been forwarded by one or more proxies. Specifically handled are

  • Forwarded, as defined by rfc7239
  • X-Forwarded-Host
  • X-Forwarded-Server
  • X-Forwarded-For
  • X-Forwarded-Proto
  • X-Proxied-Https

If these headers are present, then the Request object is updated so that the proxy is not seen as the other end point of the connection on which the request came

Headers can also be defined so that forwarded SSL Session IDs and Cipher suites may be customised

The Authority (host and port) is updated on the Request object based on the host / port information in the following search order.

Request Authority Search Order
# Value Origin Host Port Protocol Notes
1 Forwarded Header "host=<host>" param (Required) "host=<host>:<port> param (Implied) "proto=<value>" param (Optional) From left-most relevant parameter (see rfc7239)
2 X-Forwarded-Host Header Required Implied n/a left-most value
3 X-Forwarded-Port Header n/a Required n/a left-most value (only if getForwardedPortAsAuthority() is true)
4 X-Forwarded-Server Header Required Optional n/a left-most value
5 X-Forwarded-Proto Header n/a Implied from value Required

left-most value becomes protocol.

6 X-Proxied-Https Header n/a Implied from value boolean

left-most value determines protocol and port.

See Also:
  • Constructor Details

    • ForwardedRequestCustomizer

      public ForwardedRequestCustomizer()
  • Method Details

    • getProxyAsAuthority

      public boolean getProxyAsAuthority()
      Returns:
      true if the proxy address obtained via X-Forwarded-Server or RFC7239 "by" is used as the request authority. Default false
    • setProxyAsAuthority

      public void setProxyAsAuthority(boolean proxyAsAuthority)
      Parameters:
      proxyAsAuthority - if true, use the proxy address obtained via X-Forwarded-Server or RFC7239 "by" as the request authority.
    • setForwardedOnly

      public void setForwardedOnly(boolean rfc7239only)
      Parameters:
      rfc7239only - Configure to only support the RFC7239 Forwarded header and to not support any X-Forwarded- headers. This convenience method clears all the non RFC headers if passed true and sets them to the default values (if not already set) if passed false.
    • getForcedHost

      public String getForcedHost()
    • setForcedHost

      public void setForcedHost(String hostAndPort)
      Set a forced valued for the host header to control what is returned by ServletRequest.getServerName() and ServletRequest.getServerPort().
      Parameters:
      hostAndPort - The value of the host header to force.
    • getForwardedHeader

      public String getForwardedHeader()
      Returns:
      The header name for RFC forwarded (default Forwarded)
    • setForwardedHeader

      public void setForwardedHeader(String forwardedHeader)
      Parameters:
      forwardedHeader - The header name for RFC forwarded (default Forwarded)
    • getForwardedHostHeader

      public String getForwardedHostHeader()
    • setForwardedHostHeader

      public void setForwardedHostHeader(String forwardedHostHeader)
      Parameters:
      forwardedHostHeader - The header name for forwarded hosts (default X-Forwarded-Host)
    • getForwardedServerHeader

      public String getForwardedServerHeader()
      Returns:
      the header name for forwarded server.
    • setForwardedServerHeader

      public void setForwardedServerHeader(String forwardedServerHeader)
      Parameters:
      forwardedServerHeader - The header name for forwarded server (default X-Forwarded-Server)
    • getForwardedForHeader

      public String getForwardedForHeader()
      Returns:
      the forwarded for header
    • setForwardedForHeader

      public void setForwardedForHeader(String forwardedRemoteAddressHeader)
      Parameters:
      forwardedRemoteAddressHeader - The header name for forwarded for (default X-Forwarded-For)
    • getForwardedPortHeader

      public String getForwardedPortHeader()
    • setForwardedPortHeader

      public void setForwardedPortHeader(String forwardedPortHeader)
      Parameters:
      forwardedPortHeader - The header name for forwarded hosts (default X-Forwarded-Port)
    • getForwardedPortAsAuthority

      public boolean getForwardedPortAsAuthority()
      Returns:
      if true, the X-Forwarded-Port header applies to the authority, else it applies to the remote client address
    • setForwardedPortAsAuthority

      public void setForwardedPortAsAuthority(boolean forwardedPortAsAuthority)
      Set if the X-Forwarded-Port header will be used for Authority
      Parameters:
      forwardedPortAsAuthority - if true, the X-Forwarded-Port header applies to the authority, else it applies to the remote client address
    • getForwardedProtoHeader

      public String getForwardedProtoHeader()
      Get the forwardedProtoHeader.
      Returns:
      the forwardedProtoHeader (default X-Forwarded-Proto)
    • setForwardedProtoHeader

      public void setForwardedProtoHeader(String forwardedProtoHeader)
      Set the forwardedProtoHeader.
      Parameters:
      forwardedProtoHeader - the forwardedProtoHeader to set (default X-Forwarded-Proto)
    • getForwardedCipherSuiteHeader

      public String getForwardedCipherSuiteHeader()
      Returns:
      The header name holding a forwarded cipher suite (default Proxy-auth-cert)
    • setForwardedCipherSuiteHeader

      public void setForwardedCipherSuiteHeader(String forwardedCipherSuiteHeader)
      Parameters:
      forwardedCipherSuiteHeader - The header name holding a forwarded cipher suite (default Proxy-auth-cert)
    • getForwardedSslSessionIdHeader

      public String getForwardedSslSessionIdHeader()
      Returns:
      The header name holding a forwarded SSL Session ID (default Proxy-ssl-id)
    • setForwardedSslSessionIdHeader

      public void setForwardedSslSessionIdHeader(String forwardedSslSessionIdHeader)
      Parameters:
      forwardedSslSessionIdHeader - The header name holding a forwarded SSL Session ID (default Proxy-ssl-id)
    • getForwardedHttpsHeader

      public String getForwardedHttpsHeader()
      Returns:
      The header name holding a forwarded Https status indicator (on|off true|false) (default X-Proxied-Https)
    • setForwardedHttpsHeader

      public void setForwardedHttpsHeader(String forwardedHttpsHeader)
      Parameters:
      forwardedHttpsHeader - the header name holding a forwarded Https status indicator(default X-Proxied-Https)
    • isSslIsSecure

      public boolean isSslIsSecure()
      Returns:
      true if the presence of an SSL session or certificate header is sufficient to indicate a secure request (default is true)
    • setSslIsSecure

      public void setSslIsSecure(boolean sslIsSecure)
      Parameters:
      sslIsSecure - true if the presence of an SSL session or certificate header is sufficient to indicate a secure request (default is true)
    • customize

      public void customize(Connector connector, HttpConfiguration config, Request request)
      Specified by:
      customize in interface HttpConfiguration.Customizer
    • getSecurePort

      protected static int getSecurePort(HttpConfiguration config)
    • onError

      protected void onError(HttpField field, Throwable t)
    • getLeftMost

      protected static String getLeftMost(String headerValue)
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • getHostHeader

      public String getHostHeader()
    • setHostHeader

      public void setHostHeader(String hostHeader)
      Set a forced valued for the host header to control what is returned by ServletRequest.getServerName() and ServletRequest.getServerPort().
      Parameters:
      hostHeader - The value of the host header to force.