-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Frank,
On 3/31/20 02:26, Frank Tornack wrote: > I currently have a problem with Tomcat7, or rather a colleague has > it. Which exact version of Tomcat 7? > Personally I would like to help him, but I can't find the error > myself. We already asked the question on stackoverflow.com and got > a good hint, but unfortunately no solving. So I would like to ask > for help and support here. I think I am violating the directive of > asking a double question, but it is important to me personally to > help this colleague. Therefore I am at least honest, the question > can also be found at the link: > https://stackoverflow.com/questions/60827540/tomcat-x-forwarded-for-do esnt-work-with-load-balancer > > We run a software that uses Tomcat as application server behind a > load balancer. Now we would like to record the initial address of > the requests and not the IP of the load balancer. We have used > these 3 websites for the setup, but unfortunately it does not work. > The IPs of the loadbalancers are still written to the access log. > https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valve s/RemoteIpValve.html > > https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/ AccessLogValve.html > https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_IP_V alve You > are at least on the right track. > We used the following configuration for access logging and remote > valve: <Valve className="org.apache.catalina.valves.RemoteIpValve" > internalProxies="xxx\.xxx\.xxx\.7|xxx\.xxx\.xxx\.8|xxx\.xxx\.xxx\.9" > r emoteIpHeader="X-Forwarded-For" /> <Valve > className="org.apache.catalina.valves.AccessLogValve" > directory="logs" prefix="access_log." suffix=".log" > pattern="%{org.apache.catalina.AccessLog.RemoteAddr}r %l %u %t > "%r" %s %b" requestAttributesEnabled="true" /> What is the IP address of your load-balancer(s)? One of those xxx.xxx.xxx.[789]? > The request header 'X-Forwarded-For' was set and load balancer was > analyzed via wireshark and Request Dumper Filter. We can see the > header in both. However we still only get the IP of the load > balancer and not the IP of the remote client. The IP adresses of > the config have already been checked and they are correct. > > Thank you very much in advance for your support. Please post the <Connector> that you are using to receive requests from your load-balancer. Are you seeing any warnings/errors in your log file when Tomcat starts? During the first few requests? - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6DTvoACgkQHPApP6U8 pFhlDw//Xnes0kbjYIQjMHJTTUKJHqNg54YNr4iS+JbDPotzKWkYOXtuC1CoX5zV RPHc3w7wzVQuqCWoRLJJ7AIFXFH1NPG8D1UfALCI/SpLRHgE7v6RZKRTgVqGCNCQ zYkloRV8pKZfQfYTc9qiTZYse0EmUkAbg0vHx+vUduI04mOFEsEL/3K15e4ERrAq HuMr2orHMepxFfkoRbE+uZmcSgyXec7XupLvrd0pUZRXT5futmgmqw0tmH0vMQM5 ZLMjW51LTvO+Ps5oR15Lfny55U6yxME7UkJa8QhsEEo8dSJV8eDiEiWo0uPEIIxr LfSp8TpZ4vBprcZB1EkFvBQfFsHxfxQbuMLO9iGsAq+AHjolp6A95V+QDwN8Fpaf ZxekTijUvzsb+CFNmq1t8LG3BPhmdtgGRODf4Zoq029DnVMdhHDPxjAMeBk6y4uV bAQ6pQDbL6fozcjHPnf4xgfq0PtHk4ow7P3NiUl52SPvyBMCacGnenEME3bAUAFf UZr9CV47DEszPzOxI1bvRZG8J6Epz8BIcPSKTlQF86F0AHEZEXmenLVRj6EdrZ2B cH7D61Px3wLtjjR3Qd5xgJnuMkUOVc6xdvKFc+X9rHPc3hsBqHMtHGT0FwGaay/L rQtwOzzNcVVUdIfrHUmIYOtBbsTUXoomP0uOV5ReBVHYBprIHBg= =k6fr -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
