You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2014/01/27 22:34:31 UTC
[Bug 56058] AccessLogValve Local IP/port inconsistent
https://issues.apache.org/bugzilla/show_bug.cgi?id=56058
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
I've been looking at the source and doing some testing.
For the AJP protocol:
- %a and %h always refer to the client as seen by the reverse proxy
- %v is the host header received by the reverse proxy or the reverse proxy's
host name for HTTP/1.0 or HTTP/0.9 requests
- %A is always InetAddress.getLocalHost().getHostAddress() (or 127.0.0.1 if
that fails)
- %p is the port that the reverse proxy received the connection on
The IP address that the reverse proxy received the connection on is not
available in the AJP protocol. You could make this available by setting a
custom HTTP header in the reverse proxy and then displaying the value of that
header in the AccessLogValve.
Because of the way AJP is implemented, it is probably easiest to expose the
connector port the same way (since the reverse proxy must know what port it is
sending the request to).
It is highly unlikely that there is going to be any functional changes to
Tomcat 6 this area.
You do get much more control if you:
- upgrade to Tomcat 7.0.x or Tomcat 8.0.x
- switch to using HTTP rather than AJP for your reverse proxy
- use the RemoteIpValve or RemoteIpFilter
- configure the RemoteIpValve or RemoteIpFilter with
requestAttributesEnabled=true
- configure the AccessLogValve with requestAttributesEnabled=false
With this configuration the standard access log valve elements will record the
values as seen by Tomcat. The values as seen by the proxy will be available as
request attributes that can be included in the access log via the %{xxx}r
pattern.
I'm not going to resolve this just yet as I think the documentation (for all
Tomcat versions) could be improved to make clear exactly what gets logged
and/or when what gets logged varies.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org