Thanks, yes I think my problem never was with the RemoteIpValve, and the other project I copied configuration from actually didn't work despite me thinking it did ;) kr Leon
On Wed, Mar 29, 2023 at 6:45 AM Mark Thomas <ma...@apache.org> wrote: > On 28/03/2023 21:08, Leon Rosenberg wrote: > > Sorry it took a little longer. Turns out that the actual RemoteIpValve > > works correctly, but the *Access Log Valve *doesn't. We were > > primarily looking into the localhost_access*logs, hence the confusion: > > > > Headers with RemoteIpValue on: > > header: host; value: api.myhost.com > > header: user-agent; value: PostmanRuntime/7.29.2 > > header: accept; value: */* > > header: postman-token; value: 16abea85-a8de-44d2-8885-c92e0eed7d9f > > header: accept-encoding; value: gzip, deflate, br > > header: cookie; value: JSESSIONID=5F8CF7FE92569665C1F1BD08FBEC3F22 > > header: x-forwarded-host; value: api.myhost.com > > header: x-forwarded-server; value: api.myhost.com > > header: connection; value: Keep-Alive > > > > remote host: 77.178.32.184 > > remote ip: 77.178.32.184 > > > > > > Headers with RemoteIpValue off: > > header: host; value: api.myhost.com > > header: user-agent; value: PostmanRuntime/7.29.2 > > header: accept; value: */* > > header: postman-token; value: a3e6b8cc-d2e2-45b7-86d7-2f0d4ce16c96 > > header: accept-encoding; value: gzip, deflate, br > > header: cookie; value: JSESSIONID=A76B5E16C7566DFFF764C43CF34742ED > > header: x-forwarded-for; value: 77.178.32.184 > > header: x-forwarded-host; value: api.myhost.com > > header: x-forwarded-server; value: api.myhost.com > > header: connection; value: Keep-Alive > > remote host: 10.138.0.3 > > remote ip: 10.138.0.3 > > > > > > however, the AccessLogValue, which is configured as: > > > > <Valve className="org.apache.catalina.valves.AccessLogValve" > directory="logs" > > prefix="localhost_access_log" suffix=".txt" > > pattern="%{X-Forwarded-For}i %a %l %u %t "%r" > %s %b" /> > > > > Prints the local address as %a. We added %{X-Forwarded-For}i as > workaround, > > so it works for now, but I'd expect %a to print the 'real' ip address > > instead of the local one. Same config works on 8.5 interestingly enough. > > I think Konstantin mentioned this earlier in the thread. Look at the > requestAttributesEnabled attribute for the AccessLogValve > > https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Access_Log_Valve > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >