diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java index dc7935ee219..953f0328e71 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java @@ -270,7 +270,7 @@ public class ServerProperties { private final Accesslog accesslog = new Accesslog(); /** - * Regular expression matching trusted IP addresses. + * Regular expression that matches proxies that are to be trusted. */ private String internalProxies = "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 10/8 + "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" // 192.168/16 @@ -278,7 +278,8 @@ public class ServerProperties { + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8 + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12 + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" - + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}"; + + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" // + + "0:0:0:0:0:0:0:1|::1"; /** * Header that holds the incoming protocol, usually named "X-Forwarded-Proto". diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java index 090c9a3587d..b909677ea38 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java @@ -37,6 +37,7 @@ import org.apache.catalina.connector.Connector; import org.apache.catalina.core.StandardContext; import org.apache.catalina.core.StandardEngine; import org.apache.catalina.valves.AccessLogValve; +import org.apache.catalina.valves.RemoteIpValve; import org.apache.coyote.AbstractProtocol; import org.eclipse.jetty.server.HttpChannel; import org.eclipse.jetty.server.Request; @@ -260,6 +261,12 @@ public class ServerPropertiesTests { .isEqualTo(new AccessLogValve().getRequestAttributesEnabled()); } + @Test + public void tomcatInternalProxiesMatchesDefault() { + assertThat(this.properties.getTomcat().getInternalProxies()) + .isEqualTo(new RemoteIpValve().getInternalProxies()); + } + @Test public void jettyMaxHttpPostSizeMatchesDefault() throws Exception { JettyServletWebServerFactory jettyFactory = new JettyServletWebServerFactory(0); diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java index 3f0b835265a..1ddbc689a0c 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java @@ -227,7 +227,8 @@ public class TomcatWebServerFactoryCustomizerTests { + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8 + "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12 + "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" - + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}"; + + "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" // + + "0:0:0:0:0:0:0:1|::1"; assertThat(remoteIpValve.getInternalProxies()).isEqualTo(expectedInternalProxies); }