[LPE-1468] SecureFilter does not honor SERVER_IP - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 5.1 EE SP4 (5.1.7), 5.2 EE SP1 (5.2.5)
Fix Version/s: 5.1 EE SP5 (5.1.8), 5.2 EE SP2 (5.2.6)
Component/s: Application Security
Labels:
- 5.2_release_notes
Environment:
All

Description

The following properties:

main.servlet.hosts.allowed
axis.servlet.hosts.allowed
json.servlet.hosts.allowed
tunnel.servlet.hosts.allowed
spring.remoting.servlet.hosts.allowed
webdav.servlet.hosts.allowed

can be configured with a SERVER_IP token to indicate that only requests from the same IP address as the server should be allowed. However, this SERVER_IP token is not honored. This is generally not an issue because requests from the same server usually show up as 127.0.0.1 instead of of the actual server IP address.

Attachments

Issue Links

is related to

LPS-5314 SecureFilter does not honor SERVER_IP

Closed

Activity

People

Assignee:: Michael Saechang

Reporter:: Samuel Kong

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 09/Oct/09 3:06 AM

Updated:: 20/Dec/22 12:46 PM

Resolved:: 21/Dec/09 11:00 AM

Packages

Version	Package
5.1 EE SP5 (5.1.8)
5.2 EE SP2 (5.2.6)