This is perhaps rather a shortcoming than a bug per se. It is present in JBossWeb delivered with EAP 6.3.0 and it has been fixed in jbossweb-7.5.4.Final delivered with EAP 6.4.0 Beta. Both Tomcat 8 and Tomcat 7 in JWS3 don't have the patch. Notes: * This valve only looks for the ssl_client_cert header, it should look for ssl_client_cert headers to account for X-Forwarded-For headers as well. * https://developer.jboss.org/wiki/SSLModproxyForwarding * http://anonsvn.jboss.org/repos/jbossweb/sandbox/valves/src/SSLValve.java WDYT?
OMG, it's tomcat7 and tomcat8 :-)
Tracked in JIRA.
David Knox <dknox> updated the status of jira JWS-89 to Resolved
Michal Karm Babacek <mbabacek> updated the status of jira JWS-89 to Reopened
Michal Karm Babacek <mbabacek> updated the status of jira JWS-89 to Resolved
Michal Karm Babacek <mbabacek> updated the status of jira JWS-89 to Closed