Thanks, yes I think my problem never was with the RemoteIpValve, and the
other project I copied configuration from actually didn't work despite me
thinking it did ;)
kr
Leon
On Wed, Mar 29, 2023 at 6:45 AM Mark Thomas <ma...@apache.org> wrote:
> On 28/03/2023 21:08, Leon Rosenberg wrote:
> > Sorry it took a little longer. Turns out that the actual RemoteIpValve
> > works correctly, but the *Access Log Valve *doesn't. We were
> > primarily looking into the localhost_access*logs, hence the confusion:
> >
> > Headers with RemoteIpValue on:
> > header: host; value: api.myhost.com
> > header: user-agent; value: PostmanRuntime/7.29.2
> > header: accept; value: */*
> > header: postman-token; value: 16abea85-a8de-44d2-8885-c92e0eed7d9f
> > header: accept-encoding; value: gzip, deflate, br
> > header: cookie; value: JSESSIONID=5F8CF7FE92569665C1F1BD08FBEC3F22
> > header: x-forwarded-host; value: api.myhost.com
> > header: x-forwarded-server; value: api.myhost.com
> > header: connection; value: Keep-Alive
> >
> > remote host: 77.178.32.184
> > remote ip: 77.178.32.184
> >
> >
> > Headers with RemoteIpValue off:
> > header: host; value: api.myhost.com
> > header: user-agent; value: PostmanRuntime/7.29.2
> > header: accept; value: */*
> > header: postman-token; value: a3e6b8cc-d2e2-45b7-86d7-2f0d4ce16c96
> > header: accept-encoding; value: gzip, deflate, br
> > header: cookie; value: JSESSIONID=A76B5E16C7566DFFF764C43CF34742ED
> > header: x-forwarded-for; value: 77.178.32.184
> > header: x-forwarded-host; value: api.myhost.com
> > header: x-forwarded-server; value: api.myhost.com
> > header: connection; value: Keep-Alive
> > remote host: 10.138.0.3
> > remote ip: 10.138.0.3
> >
> >
> > however, the AccessLogValue, which is configured as:
> >
> > <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
> > prefix="localhost_access_log" suffix=".txt"
> > pattern="%{X-Forwarded-For}i %a %l %u %t "%r"
> %s %b" />
> >
> > Prints the local address as %a. We added %{X-Forwarded-For}i as
> workaround,
> > so it works for now, but I'd expect %a to print the 'real' ip address
> > instead of the local one. Same config works on 8.5 interestingly enough.
>
> I think Konstantin mentioned this earlier in the thread. Look at the
> requestAttributesEnabled attribute for the AccessLogValve
>
> https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Access_Log_Valve
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
