What is the best practice for accomplishing this task? Geoff
From: Jérôme LELEU [mailto:[email protected]] Sent: Tuesday, April 15, 2014 11:13 AM To: [email protected] Subject: Re: [cas-user] Intercepting X-Forwarded-For for the proper Client IP Address Hi, In fact, the Tomcat Valve is not a good idea as the header is moved to the IP address and deleted. If you use the Tomcat Valve, you don't need any specific configuration in your filter... Best, Jérôme 2014-04-15 17:00 GMT+02:00 Ourada, John <[email protected]<mailto:[email protected]>>: In my case, I did it in the tomcat server.xml Ip addresses redacted. <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="x.x.x.*” remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" /> From: Jérôme LELEU [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, April 15, 2014 2:36 AM To: [email protected]<mailto:[email protected]> Subject: Re: [cas-user] Intercepting X-Forwarded-For for the proper Client IP Address Hi, It looks good to me. No way to ouput incoming headers with a Tomcat Valve or Apache layer? Before contacting network guys... Best regards, J2rôme 2014-04-14 19:28 GMT+02:00 Ben Branch <[email protected]<mailto:[email protected]>>: All, Recently attempted to configure Inspektr to try and capture the client ip address out of the X-Fowarded-For Header. After making this change and restarting the services, I’m still seeing the client IP address of the load balancer instead of the actual client IP. This is what I added to my web.xml: <filter> <filter-name>CAS Client Info Logging Filter</filter-name> <filter-class>com.github.inspektr.common.web.ClientInfoThreadLocalFilter</filter-class> <init-param> <param-name>alternativeIpAddressHeader</param-name> <param-value>X-Forwarded-For</param-value> </init-param> </filter> Is there anything else I need to do? Or should I contact my network guys and begin troubleshooting at the load balancer? Ben Branch UNIX/Linux Administrator University of Central Oklahoma ITIL Foundation v3, Network+, RHCSA 100 N. University Drive, Box 122 Edmond, OK 73034 D: 405.974.2649 | M: 405.550.6804 | bbranch@uco.<mailto:bbranch@uco.>edu | www.uco.edu<http://www.uco.edu/> “I am wiser than this man, for neither of us appears to know anything great and good; but he fancies he knows something, although he knows nothing; whereas I, as I do not know anything, so I do not fancy I do. In this trifling particular, then, I appear to be wiser than he, because I do not fancy I know what I do not know.” - Socrates **Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, and Green! Please print this e-mail only if absolutely necessary! **CONFIDENTIALITY** -This e-mail (including any attachments) may contain confidential, proprietary and privileged information. Any unauthorized disclosure or use of this information is prohibited. -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
