On 14/06/2021 17:01, Leon Rosenberg wrote:
hi,
I have a tomcat 8.5.15 behind an apache behind cloudflare. I am trying to
"see" the user's ip in my logs. When I print out the headers I see that I
have headers in the request
CF-Connecting-IP
and
X-Forwarded-For
with real user's up, say 93.72.251.122. But when I make a request to
request.getRemoteAddr() it returns 162.158.103.188 which is cloudflare's
ip address, not the real one.
I added to the server.xml the remoteipvalue in different configuration und
"Host", i.e.:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
protocolHeader="x-forwarded-proto"
/>
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="X-Forwarded-For"
protocolHeader="X-Forwarded-Proto"
/>
or assuming for defaults:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
/>
or even:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="CF-Connecting-IP"
/>
but none of them give me the getRemoteAddr properly. Is there a trick to
this configuration?
You need to tell Tomcat that 162.158.103.188 is trusted. Setting
trustedProxies="162\.158.103\.188" should do the trick.
There is debug logging in that Valve so you can set
org.apache.catalina.valves.RemoteIpValve.level=FINE
in $CATALINA_BASE/conf/logging.properties to get debug logging which
should help you see what is going on.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
