ClientConnection.getRemoteAddr can return a hostname when behind a reverse proxy #34671

@vmuzikar

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

core

Describe the bug

When a reverse proxy sets the Forwarded header, the for part (identifying the original remote client) might not always contain an IP address but something else that can be parsed as a hostname. ClientConnection.getRemoteAddr, despite its name, returns a hostname (or an IP if it's not a hostname). This is not correct, as it does not match what the name suggests: an address.

There's already a ClientConnection.getRemoteHost method that has a better name for this purpose.

Version

main

Regression

  • The issue is a regression

Expected behavior

ClientConnection.getRemoteAddr returns an IP address, or null if an IP address is not available.

Actual behavior

ClientConnection.getRemoteAddr returns an IP address, or whatever is provided in the Forwarded: for= header.

How to Reproduce?

Send a request to Keycloak with Forwarded: for="_gazonk" header and call ClientConnection.getRemoteAddr.

Anything else?

No response
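
An added example, not part of the original issue and not Keycloak code: one way to get the expected behavior above is to accept the for= node value only when it is an IP literal under the RFC 7239 grammar and return null otherwise. The class and method names are hypothetical, and the IPv6 branch assumes that InetAddress.getByName parses a literal without a DNS lookup when the input is restricted to hex digits, ':' and '.'.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.regex.Pattern;

// Added illustration, not Keycloak code: class and method names are hypothetical.
public class ForwardedForExample {
    private static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    private static final Pattern IPV4 = Pattern.compile(OCTET + "(\\." + OCTET + "){3}");
    // Hex digits, ':' and '.' only, starting with a hex digit or ':', so no hostname can match.
    private static final Pattern IPV6_CHARS = Pattern.compile("[0-9A-Fa-f:][0-9A-Fa-f:.]*");
    // RFC 7239 node-port: one to five digits, or an obfuscated port starting with '_'.
    private static final Pattern NODE_PORT = Pattern.compile(":(\\d{1,5}|_[A-Za-z0-9._-]+)");

    /** Returns the IP literal of a for= node value, or null for "unknown", "_token" or a name. */
    static String ipFromForwardedFor(String node) {
        if (node == null) return null;
        String v = node.trim();
        if (v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"")) {
            v = v.substring(1, v.length() - 1); // strip the quoted-string wrapper
        }
        boolean bracketed = v.startsWith("["); // RFC 7239 requires brackets around IPv6
        int split = bracketed ? v.indexOf(']') + 1 : v.indexOf(':');
        if (bracketed && split == 0) return null; // '[' without a closing ']'
        String host = split < 0 ? v : v.substring(0, split);
        String port = split < 0 ? "" : v.substring(split);
        if (!port.isEmpty() && !NODE_PORT.matcher(port).matches()) return null;
        if (!bracketed) return IPV4.matcher(host).matches() ? host : null;
        return ipv6Literal(host.substring(1, host.length() - 1));
    }

    private static String ipv6Literal(String s) {
        if (!s.contains(":") || !IPV6_CHARS.matcher(s).matches()) return null;
        try {
            // Assumption: for this restricted character set the JDK parses a literal, no lookup.
            return InetAddress.getByName(s).getHostAddress(); // normalized textual form
        } catch (UnknownHostException e) {
            return null; // malformed literal
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, including the one from the reproduction step.
        String[] samples = {"\"_gazonk\"", "unknown", "proxy.example", "192.0.2.60",
                "\"192.0.2.43:47011\"", "\"[2001:db8:cafe::17]:4711\""};
        for (String s : samples) System.out.println(s + " -> " + ipFromForwardedFor(s));
    }
}
```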
