We have updated Spring framework to 5.2.9.RELEASE (from 5.1.5.RELEASE) and Sprint boot to 2.3.4.RELEASE (from 2.1.4.RELEASE). We use X-Forwarded-For for Security Audit logging of the Source IP (Client's IP). Now we are no longer able to access X-Forwarded-For header and this functionality seems to be broken.
Previous Version:
x-forwarded-for 10.206.135.122, 10.91.122.122 x-forwarded-proto http x-forwarded-host cp0704.x.y.z.net x-forwarded-port 8000 x-real-ip 10.91.122.122 content-length 384 x-request-id 9c7d4d3b35705dd905899f13adf973a8 x-original-uri /a/b/c/d?Override=true x-scheme https content-type application/json user-agent PostmanRuntime/7.26.8 accept / cache-control no-cache postman-token ffbe2fa4-90f9-4ac5-bd2f-8853c33135c5 accept-encoding gzip, deflate, br
After Upgrade:
x-forwarded-proto http x-forwarded-host cp0704.x.y.z.net x-forwarded-port 8000 x-real-ip 10.91.122.122 content-length 384 x-request-id 6024ea0cf66249ad03b3cb33868c94a0 x-original-uri /a/b/c/d?Override=true x-scheme https content-type application/json user-agent PostmanRuntime/7.26.8 accept / cache-control no-cache postman-token a8e82716-cdc1-4fb6-b0fc-8839eb72eb29
Comment From: bclozel
As mentioned in the Spring Boot 2.2 release notes, the server.use-forward-headers
configuration properties has been deprecated in 2.2 and completely replaced in 2.3 by server.forward-headers-strategy
.
Maybe your configuration is outdated?
If this is not the case, could you provide a sample application we can git clone and run to reproduce the issue?
Thanks,
Comment From: spring-projects-issues
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.
Comment From: abhisheksinghblr
x-forwarded-for is coming now..
Worked with these parameters in application.properties-- server.port=9604 server.forward-headers-strategy=native server.tomcat.remoteip.protocol-header="X-Forwarded-Proto" server.tomcat.remoteip.remote-ip-header="X-Forwarded-For"
host abc.csfp.dyn.nesc.xyz.net connection keep-alive x-forwarded-for 10.206.135.89, 10.91.36.27 x-forwarded-proto http x-forwarded-host cp0031.abc.dyn.nesc.xyz.net x-forwarded-port 8000 x-real-ip 10.91.36.27 content-length 384 x-request-id 126359e31b2dc6ea524ff3c01b106738 x-original-uri /a/b/c/scheduled-jobs x-scheme https content-type application/json cache-control no-cache
Comment From: bclozel
Thanks for letting us know.
Comment From: Jaipal77
Similar kind of issues I am facing by using spring boot. On loaclhost it's working fine. x- forwarded value is coming. After the deployment on server. x-forwarded-for value which coming is x- forwarded-for 10.206.135.122, not coming is 10.91.122.122
x-forwarded-for 10.206.135.122, 10.91.122.122 x-forwarded-proto http x-forwarded-host cp0704.x.y.z.net x-forwarded-port 8000 x-real-ip 10.91.122.122 content-length 384 x-request-id 9c7d4d3b35705dd905899f13adf973a8 x-original-uri /a/b/c/d?Override=true x-scheme https content-type application/json user-agent PostmanRuntime/7.26.8 accept / cache-control no-cache postman-token ffbe2fa4-90f9-4ac5-bd2f-8853c33135c5 accept-encoding gzip, deflate, br
Comment From: bclozel
@Jaipal77
Thanks for getting in touch, but it feels like this is a question that would be better suited to StackOverflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.