On 20/12/2009 16:04, André Warnier wrote: > In other words : it seems that quite early in the request process, a > decision is taken to *replace* the remote IP address as obtained from > the socket, by the ultimate IP of the client for which this proxy > request is being processed. This casts a doubt on the ability of even a > servlet filter to obtain the IP address of the proxy server which has > the real connection with Tomcat. > > > All a bit beyond my dabbling capabilities, I'm afraid.
This is one of those times where the solution will depend on the protocol you are using. The AJP connectors will report the client's IP address so you need an alternative solution. Using the "request.secret" attribute is probably the simplest fix although keep in mind that AJP is clear text so the secret might not be that secret. The HTTP connectors will report the proxy's IP address so the RemoteAddressValve can be used. Note in Tomcat 7: - where the RemoteIpValve is available you would need to make sure that the RemoteAddressVlave was earlier in the pipeline than the RemoteIpValve - you have the option of using Valves or Filters for this functionality HTH, Mark > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
