I'll accept as much, but understand that I just followed the same approach that was taken with the proxyName and proxyPort parameters that already solve a similar problem in Tomcat when sitting behind a reverse proxy.
If that problem was solved with a Filter / Valve, I would have done the same with my approach... Regards Johan On Mon, 2006-07-17 at 12:08 +0200, Ronald Klop wrote: > On Mon Jul 17 11:52:20 CEST 2006 Tomcat Users List > <users@tomcat.apache.org> wrote: > > Except that I have 5 servers, each having 20 different apps, > some of > which are 3'rd party, so I *really* don't want to modify the > app (closed > source). > > This is a server infrastructure and configuration issue, none > of which > any developer should ever be worried about... > > Regards > Johan > > A Filter is really good to use in that case and if I remember > correctly you can add it to conf/web.xml. Or you can create a Valve > for Tomcat and put the code in there. Tomcat is already extendable > without using patches. > > Ronald. > > On Mon, 2006-07-17 at 11:48 +0200, Ronald Klop wrote: > > On Sat Jul 15 13:38:47 CEST 2006 Tomcat Users List > <users@tomcat.apache.org> wrote: > > > Hi > > > > > > We needed to patch Tomcat for our site that has a Tomcat > > > behind Apache (mod_jk), that sits behind a reverse proxy > load balancer. > > > The idea is basically to not use the TCP endpoint of > Apache (which will > > > always point to the reverse proxy) to give the caller of > > > request.getRemoteAddr a valid IP, but rather retrieve it > from a > > > configurable request header. In our case, we have hacked > the Pound > > > loadbalancer to forward a request header called > X-Pounded-For with each > > > request, and the value of this header is then used (if > available) to > > > return the *real client IP to the caller of > request.getRemoteAddr or > > > request.getRemoteHost. > > > > > > Extract from server.xml: > > > > > > <!-- Define an AJP 1.3 Connector on port 8009 --> > > > <Connector port="8009" > proxyRemoteAddrHeader="X-Pounded-For" > > > enableLookups="false" redirectPort="8443" > protocol="AJP/1.3" /> > > > > > > > > > Let me know if it is of any use to anyone else! > > > > > > Regards > > > > > > -- > > > Johan van den Berg > > > Technical Webmaster > > > University of South Africa > > > > > > Cel: +27 73 201 3520 > > > Tel: +27 12 429 2371 > > > > > > Registered Linux user number 390606 > > > http://counter.li.org/ > > > > --------------------------------------------------------------------- > > > To start a new topic, e-mail: users@tomcat.apache.org > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED], > > > > In stead of patching Tomcat, you can also make a util > class/method like this. > > > > public final class ServletUtils { > > private static final String MY_TRUSTED_PROXY = "127.0.0.1"; > > public static String getRemoteAddr(ServletRequest req) { > > String remoteIp = req.getRemoteAddr(); > > if (remoteIp.equals(MY_TRUSTED_PROXY)) { > > String proxyIp = req.getHeader("X-Pounded-For"); > > if (proxyip != null) { > > remoteIp = proxyip; > > } > > } > > return remoteIp; > > } > > } > > > > > > This makes your application know about your setup in stead > of Tomcat. Much more flexible and much less problems when > upgrading Tomcat. > > You can also put this in a Filter which wraps the > ServletRequest with your own version. This keeps your > application clean and it just uses the standard Servlet > extendabilties. > > > > Ronald. > > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]