You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Abhijit Das <ab...@icloud.com> on 2016/05/11 18:47:56 UTC
Unable to retrieve X-Forwarded-For in Tomcat 8.0 access log
down vote
<>favorite
<https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#>
I am injecting a header with a rewrite policy on my LB to pass X-Forwarded-For header. Have verified that this appears on all the pages in the RESPONSE Header.
I have the following config in server.xml , yet i am not able to see the Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
What could be the issue?
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="10\.202\.13\.198"
remoteIpHeader="X-Forwarded-For"
proxiesHeader="x-forwarded-by"
requestAttributesEnabled="true"
/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
requestAttributeEnabled="true"
resolveHosts="false"/>
Log ::
[11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 http-nio-8443-exec-17 13
As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
Snippet of my Resonse Header: showing my LB policy is injecting the X-Forwarded-For header.
Cache-Control:private
Content-Encoding:gzip
Content-Type:application/json
Date:Wed, 11 May 2016 17:58:55 GMT
Expires:Wed, 31 Dec 1969 16:00:00 PST
Server:Apache-Coyote/1.1
Strict-Transport-Security:max-age=31536000; includeSubDomains
Transfer-Encoding:chunked
Vary:User-Agent
X-AUSERNAME:admin
X-App-Cluster-Node:4e77b660
X-App-Cluster-Node-Name:app_prod_clus_node3
X-Content-Type-Options:nosniff
X-Forwarded-For:1.1.1.1
X-Seraph-LoginReason:OK
Re: Unable to retrieve X-Forwarded-For in Tomcat 8.0 access log
Posted by Igor Cicimov <ic...@gmail.com>.
On Thu, May 12, 2016 at 4:47 AM, Abhijit Das <ab...@icloud.com> wrote:
>
> down vote
> <>favorite
> <
> https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#
> >
> I am injecting a header with a rewrite policy on my LB to pass
> X-Forwarded-For header. Have verified that this appears on all the pages in
> the RESPONSE Header.
>
> I have the following config in server.xml , yet i am not able to see the
> Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
>
> What could be the issue?
>
> <Valve className="org.apache.catalina.valves.RemoteIpValve"
> internalProxies="10\.202\.13\.198"
> remoteIpHeader="X-Forwarded-For"
> proxiesHeader="x-forwarded-by"
> requestAttributesEnabled="true"
> />
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
> prefix="localhost_access_log"
> suffix=".txt"
> pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r
> %q %A %v %p %b %I %D"
> requestAttributeEnabled="true"
> resolveHosts="false"/>
> Log ::
>
> [11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action
> - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86
> Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET
> /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72
> http-nio-8443-exec-17 13
>
> As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
>
>
> Snippet of my Resonse Header: showing my LB policy is injecting the
> X-Forwarded-For header.
>
> Cache-Control:private
> Content-Encoding:gzip
> Content-Type:application/json
> Date:Wed, 11 May 2016 17:58:55 GMT
> Expires:Wed, 31 Dec 1969 16:00:00 PST
> Server:Apache-Coyote/1.1
> Strict-Transport-Security:max-age=31536000; includeSubDomains
> Transfer-Encoding:chunked
> Vary:User-Agent
> X-AUSERNAME:admin
> X-App-Cluster-Node:4e77b660
> X-App-Cluster-Node-Name:app_prod_clus_node3
> X-Content-Type-Options:nosniff
> X-Forwarded-For:1.1.1.1
> X-Seraph-LoginReason:OK
>
>
Correct me if I've maybe misunderstood something but I have the same case
and I just chuck %{X-Forwarded-For}i in the pattern to capture the header.
Re: Unable to retrieve X-Forwarded-For in Tomcat 8.0 access log
Posted by Abhijit Das <ab...@icloud.com>.
RESOLVED … It should be injected in the REQUEST Header, I will now see if case matters.
On May 11, 2016, at 12:07 PM, Abhijit Das <ab...@icloud.com> wrote:
Thanks for pointing out, but that didn’t work either .. (I also changed the policy on the LB to inject in lower case x-forwarded-for thinking if it was case sensitive?) .. Do i need a filter as well in web.xml ?
The below Header is a RESPONSE header, where i am injecting x-forwarded-for
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="10\.202\.13\.198"
trustedProxies="10\.202\.13\.198"
remoteIpHeader="x-forwarded-for"
proxiesHeader="x-forwarded-by"
requestAttributesEnabled="true"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
requestAttributesEnabled="true"
resolveHosts="false”/>
Cache-Control:no-cache, must-revalidate
Content-Encoding:gzip
Content-Length:7918
Content-Security-Policy:frame-ancestors 'self'
Content-Type:text/html;charset=UTF-8
Date:Wed, 11 May 2016 19:06:37 GMT
Expires:Thu, 01 Jan 1970 00:00:00 GMT
Server:Apache-Coyote/1.1
Strict-Transport-Security:max-age=31536000; includeSubDomains
Vary:User-Agent
X-Accel-Buffering:no
X-AUSERNAME:admin
X-App-Cluster-Node:4e77b5e4
X-App-Cluster-Node-Name:app_beta_clus_node1
X-App-Request-Time:1462993597316
X-Content-Type-Options:nosniff
x-forwarded-for:1.1.1.1
X-Frame-Options:SAMEORIGIN
X-Seraph-LoginReason:OK
X-XSS-Protection:1; mode=block
On May 11, 2016, at 12:01 PM, Mark Thomas <markt@apache.org <ma...@apache.org>> wrote:
On 11/05/2016 19:47, Abhijit Das wrote:
>
> down vote
> <>favorite
> <https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log# <https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#>>
> I am injecting a header with a rewrite policy on my LB to pass X-Forwarded-For header. Have verified that this appears on all the pages in the RESPONSE Header.
>
> I have the following config in server.xml , yet i am not able to see the Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
>
> What could be the issue?
>
> <Valve className="org.apache.catalina.valves.RemoteIpValve"
> internalProxies="10\.202\.13\.198"
> remoteIpHeader="X-Forwarded-For"
> proxiesHeader="x-forwarded-by"
> requestAttributesEnabled="true"
> />
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
> prefix="localhost_access_log"
> suffix=".txt"
> pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
> requestAttributeEnabled="true"
typo ^^^
You are missing an 's'
Mark
> resolveHosts="false"/>
> Log ::
>
> [11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action <https://index.action/> - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 http-nio-8443-exec-17 13
>
> As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
>
>
> Snippet of my Resonse Header: showing my LB policy is injecting the X-Forwarded-For header.
>
> Cache-Control:private
> Content-Encoding:gzip
> Content-Type:application/json
> Date:Wed, 11 May 2016 17:58:55 GMT
> Expires:Wed, 31 Dec 1969 16:00:00 PST
> Server:Apache-Coyote/1.1
> Strict-Transport-Security:max-age=31536000; includeSubDomains
> Transfer-Encoding:chunked
> Vary:User-Agent
> X-AUSERNAME:admin
> X-App-Cluster-Node:4e77b660
> X-App-Cluster-Node-Name:app_prod_clus_node3
> X-Content-Type-Options:nosniff
> X-Forwarded-For:1.1.1.1
> X-Seraph-LoginReason:OK
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org <ma...@tomcat.apache.org>
For additional commands, e-mail: users-help@tomcat.apache.org <ma...@tomcat.apache.org>
Re: Unable to retrieve X-Forwarded-For in Tomcat 8.0 access log
Posted by Abhijit Das <ab...@icloud.com>.
Thanks for pointing out, but that didn’t work either .. (I also changed the policy on the LB to inject in lower case x-forwarded-for thinking if it was case sensitive?) .. Do i need a filter as well in web.xml ?
The below Header is a RESPONSE header, where i am injecting x-forwarded-for
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="10\.202\.13\.198"
trustedProxies="10\.202\.13\.198"
remoteIpHeader="x-forwarded-for"
proxiesHeader="x-forwarded-by"
requestAttributesEnabled="true"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
requestAttributesEnabled="true"
resolveHosts="false”/>
Cache-Control:no-cache, must-revalidate
Content-Encoding:gzip
Content-Length:7918
Content-Security-Policy:frame-ancestors 'self'
Content-Type:text/html;charset=UTF-8
Date:Wed, 11 May 2016 19:06:37 GMT
Expires:Thu, 01 Jan 1970 00:00:00 GMT
Server:Apache-Coyote/1.1
Strict-Transport-Security:max-age=31536000; includeSubDomains
Vary:User-Agent
X-Accel-Buffering:no
X-AUSERNAME:admin
X-App-Cluster-Node:4e77b5e4
X-App-Cluster-Node-Name:app_beta_clus_node1
X-App-Request-Time:1462993597316
X-Content-Type-Options:nosniff
x-forwarded-for:1.1.1.1
X-Frame-Options:SAMEORIGIN
X-Seraph-LoginReason:OK
X-XSS-Protection:1; mode=block
On May 11, 2016, at 12:01 PM, Mark Thomas <ma...@apache.org> wrote:
On 11/05/2016 19:47, Abhijit Das wrote:
>
> down vote
> <>favorite
> <https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#>
> I am injecting a header with a rewrite policy on my LB to pass X-Forwarded-For header. Have verified that this appears on all the pages in the RESPONSE Header.
>
> I have the following config in server.xml , yet i am not able to see the Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
>
> What could be the issue?
>
> <Valve className="org.apache.catalina.valves.RemoteIpValve"
> internalProxies="10\.202\.13\.198"
> remoteIpHeader="X-Forwarded-For"
> proxiesHeader="x-forwarded-by"
> requestAttributesEnabled="true"
> />
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
> prefix="localhost_access_log"
> suffix=".txt"
> pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
> requestAttributeEnabled="true"
typo ^^^
You are missing an 's'
Mark
> resolveHosts="false"/>
> Log ::
>
> [11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 http-nio-8443-exec-17 13
>
> As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
>
>
> Snippet of my Resonse Header: showing my LB policy is injecting the X-Forwarded-For header.
>
> Cache-Control:private
> Content-Encoding:gzip
> Content-Type:application/json
> Date:Wed, 11 May 2016 17:58:55 GMT
> Expires:Wed, 31 Dec 1969 16:00:00 PST
> Server:Apache-Coyote/1.1
> Strict-Transport-Security:max-age=31536000; includeSubDomains
> Transfer-Encoding:chunked
> Vary:User-Agent
> X-AUSERNAME:admin
> X-App-Cluster-Node:4e77b660
> X-App-Cluster-Node-Name:app_prod_clus_node3
> X-Content-Type-Options:nosniff
> X-Forwarded-For:1.1.1.1
> X-Seraph-LoginReason:OK
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Unable to retrieve X-Forwarded-For in Tomcat 8.0 access log
Posted by Mark Thomas <ma...@apache.org>.
On 11/05/2016 19:47, Abhijit Das wrote:
>
> down vote
> <>favorite
> <https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#>
> I am injecting a header with a rewrite policy on my LB to pass X-Forwarded-For header. Have verified that this appears on all the pages in the RESPONSE Header.
>
> I have the following config in server.xml , yet i am not able to see the Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
>
> What could be the issue?
>
> <Valve className="org.apache.catalina.valves.RemoteIpValve"
> internalProxies="10\.202\.13\.198"
> remoteIpHeader="X-Forwarded-For"
> proxiesHeader="x-forwarded-by"
> requestAttributesEnabled="true"
> />
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
> prefix="localhost_access_log"
> suffix=".txt"
> pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
> requestAttributeEnabled="true"
typo ^^^
You are missing an 's'
Mark
> resolveHosts="false"/>
> Log ::
>
> [11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 http-nio-8443-exec-17 13
>
> As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
>
>
> Snippet of my Resonse Header: showing my LB policy is injecting the X-Forwarded-For header.
>
> Cache-Control:private
> Content-Encoding:gzip
> Content-Type:application/json
> Date:Wed, 11 May 2016 17:58:55 GMT
> Expires:Wed, 31 Dec 1969 16:00:00 PST
> Server:Apache-Coyote/1.1
> Strict-Transport-Security:max-age=31536000; includeSubDomains
> Transfer-Encoding:chunked
> Vary:User-Agent
> X-AUSERNAME:admin
> X-App-Cluster-Node:4e77b660
> X-App-Cluster-Node-Name:app_prod_clus_node3
> X-Content-Type-Options:nosniff
> X-Forwarded-For:1.1.1.1
> X-Seraph-LoginReason:OK
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org