Yeah, interestingly enough, removing ipvalve and adding access log magic
puts the X-Forwarded-For in the localhost_access.log ... but strange
nevertheless.

On Fri, Mar 24, 2023 at 11:44 AM Mark Thomas <ma...@apache.org> wrote:

> Maybe try commenting out the RemoteIpValve in Tomcat and retest so you
> can see exactly what headers Tomcat is seeing. Alternatively, since this
> is over http, Wireshark or similar could help.
>
> Mark
>
>
> On 24/03/2023 10:29, Leon Rosenberg wrote:
> > Hi,
> >
> > we have following setup
> > apache 2.4 on a ubuntu host, in front of docker-container with tomcat9 (on
> > same host).
> > Connection is via apache mod_http/proxy.
> >
> > Internal IP of the host is 10.138.0.3 (where httpd and docker are running).
> > In localhost_access log we see always 10.138.0.3 address. If going through
> > port 8080 directly, without httpd, we see the correct IP-Address.
> >
> > We have added RemoteIpValve to server xml.
> > <Valve className="org.apache.catalina.valves.RemoteIpValve"
> >                  remoteIpHeader="X-Forwarded-For"
> >                  protocolHeader="X-Forwarded-Proto"
> >                  internalProxies="10\.138\.0\.3"/>
> >
> > http config also has ProxyAddHeaders on, also I understand that to be
> > default anyway:
> >    ProxyPass / http://10.138.0.3:8080/
> >    ProxyPassReverse / http://10.138.0.3:8080/
> >    ProxyErrorOverride Off
> >    ProxyAddHeaders On
> >    <Proxy *>
> >          Require all granted
> > ProxyAddHeaders On
> >    </Proxy>
> >
> > When we print out all headers in a request, the X-Forwarded-For is missing,
> > so obviously tomcat does something with it, but doesn't trust the httpd? So
> > probably the line internalProxies="10\.138\.0\.3" is wrong, but I can't get
> > my head around it.
> >
> > any help would be highly appreciated
> > kr
> > Leon
> >
>
>
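
A simplified Python model of how RemoteIpValve evaluates X-Forwarded-For, added here as an illustration (it is not code from the thread or from Tomcat). It follows the valve's documented right-to-left processing and shows the header being consumed once the peer matches internalProxies; the client addresses are constructed, and only 10.138.0.3 and the regex come from the thread.

```python
import re

def remote_ip_valve(peer, headers, internal_proxies, trusted_proxies=None):
    """Model of the valve: return (remote_addr, headers) as the webapp sees them."""
    internal = re.compile(internal_proxies)
    trusted = re.compile(trusted_proxies) if trusted_proxies else None

    def is_internal(ip):
        return internal.fullmatch(ip) is not None   # Java Matcher.matches() is a full match

    def is_trusted(ip):
        return trusted is not None and trusted.fullmatch(ip) is not None

    headers = dict(headers)
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    # The header is only evaluated when the TCP peer itself is a configured proxy.
    if not hops or not (is_internal(peer) or is_trusted(peer)):
        return peer, headers

    via = [] if is_internal(peer) else [peer]
    idx = len(hops) - 1
    while idx >= 0:                  # walk right to left: nearest hop first
        client = hops[idx]
        idx -= 1
        if is_internal(client):
            continue                 # internal proxies are dropped silently
        if is_trusted(client):
            via.insert(0, client)    # trusted proxies are recorded in X-Forwarded-By
            continue
        break                        # first address that is not a proxy is the client
    remaining = hops[:idx + 1]       # anything further left was not vouched for

    for name, values in (("x-forwarded-by", via), ("x-forwarded-for", remaining)):
        if values:
            headers[name] = ", ".join(values)
        else:
            headers.pop(name, None)  # fully consumed header is removed from the request
    return client, headers

# Constructed requests; 10.138.0.3 and the regex are the values from the thread.
INTERNAL = r"10\.138\.0\.3"
via_httpd = remote_ip_valve("10.138.0.3", {"x-forwarded-for": "203.0.113.7"}, INTERNAL)
other_peer = remote_ip_valve("198.51.100.9", {"x-forwarded-for": "203.0.113.7"}, INTERNAL)
prefixed = remote_ip_valve("10.138.0.3", {"x-forwarded-for": "192.0.2.1, 203.0.113.7"}, INTERNAL)
print(via_httpd, other_peer, prefixed, sep="\n")
```

In the first case the application sees the client address as its remote address and no X-Forwarded-For header at all; in the third, the entry to the left of the first non-proxy address stays in the header and is never used as the remote address.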
