Thanks for the response Mark, quick question, do I have to add all cloudflare ips? They kindof distributed along the world... Can I mark the thrustworthlyness by a header instead? kr Leon
On Mon, Jun 14, 2021 at 9:45 PM Mark Thomas <ma...@apache.org> wrote: > On 14/06/2021 17:01, Leon Rosenberg wrote: > > hi, > > I have a tomcat 8.5.15 behind an apache behind cloudflare. I am trying to > > "see" the user's ip in my logs. When I print out the headers I see that I > > have headers in the request > > CF-Connecting-IP > > and > > X-Forwarded-For > > with real user's up, say 93.72.251.122. But when I make a request to > > request.getRemoteAddr() it returns 162.158.103.188 which is cloudflare's > > ip address, not the real one. > > I added to the server.xml the remoteipvalue in different configuration > und > > "Host", i.e.: > > <Valve className="org.apache.catalina.valves.RemoteIpValve" > > remoteIpHeader="x-forwarded-for" > > protocolHeader="x-forwarded-proto" > > /> > > > > <Valve className="org.apache.catalina.valves.RemoteIpValve" > > remoteIpHeader="X-Forwarded-For" > > protocolHeader="X-Forwarded-Proto" > > /> > > > > or assuming for defaults: > > <Valve className="org.apache.catalina.valves.RemoteIpValve" > > /> > > > > or even: > > <Valve className="org.apache.catalina.valves.RemoteIpValve" > > remoteIpHeader="CF-Connecting-IP" > > /> > > > > but none of them give me the getRemoteAddr properly. Is there a trick to > > this configuration? > > You need to tell Tomcat that 162.158.103.188 is trusted. Setting > trustedProxies="162\.158.103\.188" should do the trick. > > There is debug logging in that Valve so you can set > > org.apache.catalina.valves.RemoteIpValve.level=FINE > > in $CATALINA_BASE/conf/logging.properties to get debug logging which > should help you see what is going on. > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >