Full log output (dumping out headers, without the valve): 6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: host; value: api.myhost.net 6049752 2023-03-24 14:07:59,749 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: user-agent; value: Wget/1.21.3 6049754 2023-03-24 14:07:59,751 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: accept; value: */* 6049754 2023-03-24 14:07:59,751 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: accept-encoding; value: identity 6049755 2023-03-24 14:07:59,752 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-for; value: 217.110.113.178 6049756 2023-03-24 14:07:59,753 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-host; value: api.myhost.net 6049757 2023-03-24 14:07:59,754 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: x-forwarded-server; value: api.myhost.net 6049758 2023-03-24 14:07:59,755 [http-apr-8080-exec-13] INFO n.a.c.extapi.ping.PingResource:38 - key: connection; value: Keep-Alive
217.110.113.178 is my ip, so the value is correct. On Fri, Mar 24, 2023 at 3:07 PM Leon Rosenberg <rosenberg.l...@gmail.com> wrote: > yeah, interestingly enough removing ipvalve and adding access log magic, > puts the X-Forwarded-For in the localhost_access.log ... but strange > nevertheless. > > On Fri, Mar 24, 2023 at 11:44 AM Mark Thomas <ma...@apache.org> wrote: > >> Maybe try commenting out the RemoteIpValve in Tomcat and retest so you >> can see exactly what headers Tomcat is seeing. Alternatively, since this >> is over http, Wireshark or similar could help. >> >> Mark >> >> >> On 24/03/2023 10:29, Leon Rosenberg wrote: >> > Hi, >> > >> > we have following setup >> > apache 2.4 on a ubuntu host, in front of docker-container with tomcat9 >> (on >> > same host). >> > Connection is via apache mod_http/proxy. >> > >> > Internal IP of the host is 10.138.0.3 (where httpd and docker are >> running). >> > In localhost_access log we see always 10.138.0.3 address. If going >> through >> > port 8080 directly, without httpd, we see the correct IP-Address. >> > >> > We have added RemoteIpValve to server xml. >> > <Valve className="org.apache.catalina.valves.RemoteIpValve" >> > remoteIpHeader="X-Forwarded-For" >> > protocolHeader="X-Forwarded-Proto" >> > internalProxies="10\.138\.0\.3"/> >> > >> > http config also has ProxyAddHeaders on, also I understand that to be >> > default anyway: >> > ProxyPass / http://10.138.0.3:8080/ >> > ProxyPassReverse / http://10.138.0.3:8080/ >> > ProxyErrorOverride Off >> > ProxyAddHeaders On >> > <Proxy *> >> > Require all granted >> > ProxyAddHeaders On >> > </Proxy> >> > >> > When we print out all headers in a request, the X-Forwarded-For is >> missing, >> > so obviously tomcat does something with it, but doesn't trust the >> httpd? So >> > probably the line internalProxies="10\.138\.0\.3" is wrong, bug I can't >> get >> > my head around it. >> > >> > any help would be highly appreciated >> > kr >> > Leon >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >>
