Search code examples
javaspringspring-bootipv6x-forwarded-for

ForwardedHeaderFilter no longer support IPv6

After upgrading spring boot version to 2.4.9, the spring boot application works fine only for ipv4 but throws an error for ipv6. The app is deployed on google cloud run service. Current versions:

      <dependency>
        <groupId>com.google.cloud</groupId>
        <artifactId>spring-cloud-gcp-dependencies</artifactId>
        <version>2.0.3</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>

  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.4.9</version>
    <relativePath/> <!-- lookup parent from repository -->
  </parent>

Error:

java.lang.IllegalArgumentException: Invalid IPv4 address: 2409:4042:2319:a971:c4db:4661:939c:443b
    at org.springframework.web.util.UriComponentsBuilder.parseForwardedFor(UriComponentsBuilder.java:363)
    at org.springframework.web.filter.ForwardedHeaderFilter$ForwardedHeaderExtractingRequest.<init>(ForwardedHeaderFilter.java:246)
    at org.springframework.web.filter.ForwardedHeaderFilter.doFilterInternal(ForwardedHeaderFilter.java:149)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:190)

I was able to find a similar issue but did not find any solution. https://github.com/spring-projects/spring-framework/issues/26748

The line in the code that throws the error https://github.com/spring-projects/spring-framework/blob/6c68419073b43fb29114a3af4e402c729084ed84/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java#L363

Solution

  • The issue is due to google cloud run service not respecting RFC7239 standards and not due to spring boot. Cloud run fails to enclose IPv6 addresses with quotes and square brackets(as per RFC7239 standards) due to which spring interprets it as an IPv4 address and fails while parsing port number from the address.

    This is very strange that google cloud fails to follow the standard. As of today, the Google cloud team says they are working on the fix but ETA is not guaranteed.

    You can track the status here: https://issuetracker.google.com/issues/184230536?pli=1