On 28/03/2023 21:08, Leon Rosenberg wrote:
Sorry it took a little longer. Turns out that the actual RemoteIpValve works correctly, but the *Access Log Valve *doesn't. We were primarily looking into the localhost_access*logs, hence the confusion:Headers with RemoteIpValue on: header: host; value: api.myhost.com header: user-agent; value: PostmanRuntime/7.29.2 header: accept; value: */* header: postman-token; value: 16abea85-a8de-44d2-8885-c92e0eed7d9f header: accept-encoding; value: gzip, deflate, br header: cookie; value: JSESSIONID=5F8CF7FE92569665C1F1BD08FBEC3F22 header: x-forwarded-host; value: api.myhost.com header: x-forwarded-server; value: api.myhost.com header: connection; value: Keep-Alive remote host: 77.178.32.184 remote ip: 77.178.32.184 Headers with RemoteIpValue off: header: host; value: api.myhost.com header: user-agent; value: PostmanRuntime/7.29.2 header: accept; value: */* header: postman-token; value: a3e6b8cc-d2e2-45b7-86d7-2f0d4ce16c96 header: accept-encoding; value: gzip, deflate, br header: cookie; value: JSESSIONID=A76B5E16C7566DFFF764C43CF34742ED header: x-forwarded-for; value: 77.178.32.184 header: x-forwarded-host; value: api.myhost.com header: x-forwarded-server; value: api.myhost.com header: connection; value: Keep-Alive remote host: 10.138.0.3 remote ip: 10.138.0.3 however, the AccessLogValue, which is configured as: <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%{X-Forwarded-For}i %a %l %u %t "%r" %s %b" /> Prints the local address as %a. We added %{X-Forwarded-For}i as workaround, so it works for now, but I'd expect %a to print the 'real' ip address instead of the local one. Same config works on 8.5 interestingly enough.
I think Konstantin mentioned this earlier in the thread. Look at the requestAttributesEnabled attribute for the AccessLogValve
https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Access_Log_Valve Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
