Discussion:
Unable to retrieve X-Forwarded-For in Tomcat 8.0 access log
Abhijit Das
2016-05-11 18:47:56 UTC
Permalink
down vote
<>favorite
<https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#>
I am injecting a header with a rewrite policy on my LB to pass X-Forwarded-For header. Have verified that this appears on all the pages in the RESPONSE Header.

I have the following config in server.xml , yet i am not able to see the Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)

What could be the issue?

<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="10\.202\.13\.198"
remoteIpHeader="X-Forwarded-For"
proxiesHeader="x-forwarded-by"
requestAttributesEnabled="true"
/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
requestAttributeEnabled="true"
resolveHosts="false"/>
Log ::

[11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 http-nio-8443-exec-17 13

As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)


Snippet of my Resonse Header: showing my LB policy is injecting the X-Forwarded-For header.

Cache-Control:private
Content-Encoding:gzip
Content-Type:application/json
Date:Wed, 11 May 2016 17:58:55 GMT
Expires:Wed, 31 Dec 1969 16:00:00 PST
Server:Apache-Coyote/1.1
Strict-Transport-Security:max-age=31536000; includeSubDomains
Transfer-Encoding:chunked
Vary:User-Agent
X-AUSERNAME:admin
X-App-Cluster-Node:4e77b660
X-App-Cluster-Node-Name:app_prod_clus_node3
X-Content-Type-Options:nosniff
X-Forwarded-For:1.1.1.1
X-Seraph-LoginReason:OK
Mark Thomas
2016-05-11 19:01:11 UTC
Permalink
Post by Abhijit Das
down vote
<>favorite
<https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#>
I am injecting a header with a rewrite policy on my LB to pass X-Forwarded-For header. Have verified that this appears on all the pages in the RESPONSE Header.
I have the following config in server.xml , yet i am not able to see the Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
What could be the issue?
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="10\.202\.13\.198"
remoteIpHeader="X-Forwarded-For"
proxiesHeader="x-forwarded-by"
requestAttributesEnabled="true"
/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
requestAttributeEnabled="true"
typo ^^^

You are missing an 's'

Mark
Post by Abhijit Das
resolveHosts="false"/>
[11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 http-nio-8443-exec-17 13
As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
Snippet of my Resonse Header: showing my LB policy is injecting the X-Forwarded-For header.
Cache-Control:private
Content-Encoding:gzip
Content-Type:application/json
Date:Wed, 11 May 2016 17:58:55 GMT
Expires:Wed, 31 Dec 1969 16:00:00 PST
Server:Apache-Coyote/1.1
Strict-Transport-Security:max-age=31536000; includeSubDomains
Transfer-Encoding:chunked
Vary:User-Agent
X-AUSERNAME:admin
X-App-Cluster-Node:4e77b660
X-App-Cluster-Node-Name:app_prod_clus_node3
X-Content-Type-Options:nosniff
X-Forwarded-For:1.1.1.1
X-Seraph-LoginReason:OK
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Abhijit Das
2016-05-11 19:07:57 UTC
Permalink
Thanks for pointing out, but that didn’t work either .. (I also changed the policy on the LB to inject in lower case x-forwarded-for thinking if it was case sensitive?) .. Do i need a filter as well in web.xml ?

The below Header is a RESPONSE header, where i am injecting x-forwarded-for

<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="10\.202\.13\.198"
trustedProxies="10\.202\.13\.198"
remoteIpHeader="x-forwarded-for"
proxiesHeader="x-forwarded-by"
requestAttributesEnabled="true"/>

<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
requestAttributesEnabled="true"
resolveHosts="false”/>


Cache-Control:no-cache, must-revalidate
Content-Encoding:gzip
Content-Length:7918
Content-Security-Policy:frame-ancestors 'self'
Content-Type:text/html;charset=UTF-8
Date:Wed, 11 May 2016 19:06:37 GMT
Expires:Thu, 01 Jan 1970 00:00:00 GMT
Server:Apache-Coyote/1.1
Strict-Transport-Security:max-age=31536000; includeSubDomains
Vary:User-Agent
X-Accel-Buffering:no
X-AUSERNAME:admin
X-App-Cluster-Node:4e77b5e4
X-App-Cluster-Node-Name:app_beta_clus_node1
X-App-Request-Time:1462993597316
X-Content-Type-Options:nosniff
x-forwarded-for:1.1.1.1
X-Frame-Options:SAMEORIGIN
X-Seraph-LoginReason:OK
X-XSS-Protection:1; mode=block
Post by Abhijit Das
down vote
<>favorite
<https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#>
I am injecting a header with a rewrite policy on my LB to pass X-Forwarded-For header. Have verified that this appears on all the pages in the RESPONSE Header.
I have the following config in server.xml , yet i am not able to see the Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
What could be the issue?
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="10\.202\.13\.198"
remoteIpHeader="X-Forwarded-For"
proxiesHeader="x-forwarded-by"
requestAttributesEnabled="true"
/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
requestAttributeEnabled="true"
typo ^^^

You are missing an 's'

Mark
Post by Abhijit Das
resolveHosts="false"/>
[11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 http-nio-8443-exec-17 13
As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
Snippet of my Resonse Header: showing my LB policy is injecting the X-Forwarded-For header.
Cache-Control:private
Content-Encoding:gzip
Content-Type:application/json
Date:Wed, 11 May 2016 17:58:55 GMT
Expires:Wed, 31 Dec 1969 16:00:00 PST
Server:Apache-Coyote/1.1
Strict-Transport-Security:max-age=31536000; includeSubDomains
Transfer-Encoding:chunked
Vary:User-Agent
X-AUSERNAME:admin
X-App-Cluster-Node:4e77b660
X-App-Cluster-Node-Name:app_prod_clus_node3
X-Content-Type-Options:nosniff
X-Forwarded-For:1.1.1.1
X-Seraph-LoginReason:OK
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Abhijit Das
2016-05-11 19:12:36 UTC
Permalink
RESOLVED … It should be injected in the REQUEST Header, I will now see if case matters.


On May 11, 2016, at 12:07 PM, Abhijit Das <***@icloud.com> wrote:

Thanks for pointing out, but that didn’t work either .. (I also changed the policy on the LB to inject in lower case x-forwarded-for thinking if it was case sensitive?) .. Do i need a filter as well in web.xml ?

The below Header is a RESPONSE header, where i am injecting x-forwarded-for

<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="10\.202\.13\.198"
trustedProxies="10\.202\.13\.198"
remoteIpHeader="x-forwarded-for"
proxiesHeader="x-forwarded-by"
requestAttributesEnabled="true"/>

<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
requestAttributesEnabled="true"
resolveHosts="false”/>


Cache-Control:no-cache, must-revalidate
Content-Encoding:gzip
Content-Length:7918
Content-Security-Policy:frame-ancestors 'self'
Content-Type:text/html;charset=UTF-8
Date:Wed, 11 May 2016 19:06:37 GMT
Expires:Thu, 01 Jan 1970 00:00:00 GMT
Server:Apache-Coyote/1.1
Strict-Transport-Security:max-age=31536000; includeSubDomains
Vary:User-Agent
X-Accel-Buffering:no
X-AUSERNAME:admin
X-App-Cluster-Node:4e77b5e4
X-App-Cluster-Node-Name:app_beta_clus_node1
X-App-Request-Time:1462993597316
X-Content-Type-Options:nosniff
x-forwarded-for:1.1.1.1
X-Frame-Options:SAMEORIGIN
X-Seraph-LoginReason:OK
X-XSS-Protection:1; mode=block
Post by Abhijit Das
down vote
<>favorite
<https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log# <https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#>>
I am injecting a header with a rewrite policy on my LB to pass X-Forwarded-For header. Have verified that this appears on all the pages in the RESPONSE Header.
I have the following config in server.xml , yet i am not able to see the Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
What could be the issue?
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="10\.202\.13\.198"
remoteIpHeader="X-Forwarded-For"
proxiesHeader="x-forwarded-by"
requestAttributesEnabled="true"
/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r %q %A %v %p %b %I %D"
requestAttributeEnabled="true"
typo ^^^

You are missing an 's'

Mark
Post by Abhijit Das
resolveHosts="false"/>
[11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action <https://index.action/> - 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET /rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72 http-nio-8443-exec-17 13
As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
Snippet of my Resonse Header: showing my LB policy is injecting the X-Forwarded-For header.
Cache-Control:private
Content-Encoding:gzip
Content-Type:application/json
Date:Wed, 11 May 2016 17:58:55 GMT
Expires:Wed, 31 Dec 1969 16:00:00 PST
Server:Apache-Coyote/1.1
Strict-Transport-Security:max-age=31536000; includeSubDomains
Transfer-Encoding:chunked
Vary:User-Agent
X-AUSERNAME:admin
X-App-Cluster-Node:4e77b660
X-App-Cluster-Node-Name:app_prod_clus_node3
X-Content-Type-Options:nosniff
X-Forwarded-For:1.1.1.1
X-Seraph-LoginReason:OK
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org <mailto:users-***@tomcat.apache.org>
For additional commands, e-mail: users-***@tomcat.apache.org <mailto:users-***@tomcat.apache.org>
Igor Cicimov
2016-05-12 00:01:48 UTC
Permalink
Post by Abhijit Das
down vote
<>favorite
<
https://stackoverflow.com/questions/37170742/unable-to-retrieve-x-forwarded-for-in-tomcat-8-0-access-log#
I am injecting a header with a rewrite policy on my LB to pass
X-Forwarded-For header. Have verified that this appears on all the pages in
the RESPONSE Header.
I have the following config in server.xml , yet i am not able to see the
Remote IP/X-Forwarded-For either using %a or %h (I see Loadbalancer IP)
What could be the issue?
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="10\.202\.13\.198"
remoteIpHeader="X-Forwarded-For"
proxiesHeader="x-forwarded-by"
requestAttributesEnabled="true"
/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%t %a %h %{Referer}i %l %S %{User-Agent}i %U %s %r
%q %A %v %p %b %I %D"
requestAttributeEnabled="true"
resolveHosts="false"/>
[11/May/2016:11:29:39 -0700] 10.202.13.198 10.202.13.198 https:///index.action
- 04B3ADCF82A212C6ECD9679BF260732D Mozilla/5.0 (Macintosh; Intel Mac OS X
10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86
Safari/537.36 /rest/mywork/latest/status/notification/count 200 GET
/rest/mywork/latest/status/notification/count HTTP/1.1 10.202.10.17 443 72
http-nio-8443-exec-17 13
As you see : both %a and % h are : 10.202.13.198 10.202.13.198 (my LB IP)
Snippet of my Resonse Header: showing my LB policy is injecting the X-Forwarded-For header.
Cache-Control:private
Content-Encoding:gzip
Content-Type:application/json
Date:Wed, 11 May 2016 17:58:55 GMT
Expires:Wed, 31 Dec 1969 16:00:00 PST
Server:Apache-Coyote/1.1
Strict-Transport-Security:max-age=31536000; includeSubDomains
Transfer-Encoding:chunked
Vary:User-Agent
X-AUSERNAME:admin
X-App-Cluster-Node:4e77b660
X-App-Cluster-Node-Name:app_prod_clus_node3
X-Content-Type-Options:nosniff
X-Forwarded-For:1.1.1.1
X-Seraph-LoginReason:OK
Correct me if I've maybe misunderstood something but I have the same case
and I just chuck %{X-Forwarded-For}i in the pattern to capture the header.
Loading...