From 01539cefef0837e5d99545b8d9954aef85ef8670 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Sexenian?=
 <99925035+tomas-sexenian@users.noreply.github.com>
Date: Tue, 20 Aug 2024 12:53:44 -0300
Subject: [PATCH 1/2] If enabled, only take the first comma separated ip

---
 .../com/genexus/webpanels/HttpContextWeb.java | 25 +++++++++----------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java b/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java
index d54081c8c..51b5398b1 100644
--- a/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java
+++ b/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java
@@ -79,6 +79,7 @@ public class HttpContextWeb extends HttpContext {
 	private static final String SAME_SITE_LAX = "Lax";
 	private static final String SAME_SITE_STRICT = "Strict";
 	private static final String SET_COOKIE = "Set-Cookie";
+	private static String httpForwardedHeadersEnabled = System.getenv("HTTP_FORWARDEDHEADERS_ENABLED");
 
 	public static final int BROWSER_OTHER		= 0;
 	public static final int BROWSER_IE 		= 1;
@@ -630,8 +631,10 @@ public String getUserId(String key, ModelContext context, int handle, com.genexu
 	}
 
 	public String getRemoteAddr() {
+		boolean isEnabled = "true".equalsIgnoreCase(httpForwardedHeadersEnabled);
 		String address = getHeader("X-Forwarded-For");
-		if (address.length() > 0){
+		if (isEnabled && address != null && address.length() > 0) {
+			address = address.split(",")[0].trim();
 			return address;
 		}
 		address = request.getRemoteAddr();
@@ -948,33 +951,29 @@ public byte setCookie(String name, String value, String path, java.util.Date exp
 	}
 
 	public String getServerName() {
+		boolean isEnabled = "true".equalsIgnoreCase(httpForwardedHeadersEnabled);
 		String host = getHeader("X-Forwarded-Host");
-		if (host.length() > 0){
-			return host;
+		if (isEnabled && host != null && host.length() > 0) {
+			return host.split(",")[0].trim();
 		}
 		String serverNameProperty = ModelContext.getModelContext().getPreferences().getProperty("SERVER_NAME", "");
 		if (!StringUtils.isBlank(serverNameProperty)) {
 			return serverNameProperty;
 		}
-		if (request != null)
-			return request.getServerName();
-
-		return "";
+		return request != null ? request.getServerName() : "";
 	}
 
 	public int getServerPort() {
+		boolean isEnabled = "true".equalsIgnoreCase(httpForwardedHeadersEnabled);
 		String port = getHeader("X-Forwarded-Port");
-		if (port.length() > 0){
-			return Integer.parseInt(port);
+		if (isEnabled && port != null && port.length() > 0) {
+			port = port.split(",")[0].trim();
+				return Integer.parseInt(port);
 		}
 		String serverPortProperty = ModelContext.getModelContext().getPreferences().getProperty("SERVER_PORT", "");
 		if (!StringUtils.isBlank(serverPortProperty)) {
 			return Integer.parseInt(serverPortProperty);
 		}
-		String serverNameProperty = ModelContext.getModelContext().getPreferences().getProperty("SERVER_NAME", "");
-		if (serverNameProperty.indexOf(':') != -1) {
-			return 80;
-		}
 		if (request != null) {
 			return request.getServerPort();
 		}

From 98e634c056208b3c8a9459097f76e769b85eefb4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Sexenian?=
 <99925035+tomas-sexenian@users.noreply.github.com>
Date: Tue, 20 Aug 2024 14:10:19 -0300
Subject: [PATCH 2/2] Undo changes in getServerPort

---
 .../java/com/genexus/webpanels/HttpContextWeb.java     | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java b/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java
index 51b5398b1..dc21ad1a5 100644
--- a/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java
+++ b/java/src/main/java/com/genexus/webpanels/HttpContextWeb.java
@@ -964,16 +964,18 @@ public String getServerName() {
 	}
 
 	public int getServerPort() {
-		boolean isEnabled = "true".equalsIgnoreCase(httpForwardedHeadersEnabled);
 		String port = getHeader("X-Forwarded-Port");
-		if (isEnabled && port != null && port.length() > 0) {
-			port = port.split(",")[0].trim();
-				return Integer.parseInt(port);
+		if (port.length() > 0){
+			return Integer.parseInt(port);
 		}
 		String serverPortProperty = ModelContext.getModelContext().getPreferences().getProperty("SERVER_PORT", "");
 		if (!StringUtils.isBlank(serverPortProperty)) {
 			return Integer.parseInt(serverPortProperty);
 		}
+		String serverNameProperty = ModelContext.getModelContext().getPreferences().getProperty("SERVER_NAME", "");
+		if (serverNameProperty.indexOf(':') != -1) {
+			return 80;
+		}
 		if (request != null) {
 			return request.getServerPort();
 		}