Hi,
use a quot at AccessLogValve pattern to a muliple value field.
"%{X-Forwarded-For}i" %l %u %t "%r" %s %b
Look the following definition: http://en.wikipedia.org/wiki/X-
Forwarded-For
First value is the client ip.
Peter
Am 05.01.2008 um 22:19 schrieb Rainer Jung:
Hi Gregory,
the descriptions below work (at least) for TC 5.0/5.5/6.0.
Gregory Gerard schrieb:
I've got an F5 load balancer running version 9.3 of the software.
I've got several Tomcat installations behind it.
The F5 does all SSL and clear traffic as a reverse proxy,
rewriting headers as needed for cookies and whatnot.
I have one connector on 8080 for the clear traffic.
My problem: I tried to add another connector on 8081 setting
secure to true so that the HttpServletRequest would say, yup, this
is a secure connection and tell the 8080 connector 8081 is the
secure address it should use when trying to upshift to higher
security.
Don't use "secure", use scheme="https" instead. See
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
When I did this and started Tomcat up, it whined about not being
able to open up my keystore.
I want all my SSL to offloaded and keep the keys out of each
machine and centrally managed. I *just* want to get the servlets
to believe the connection is secure. This is analogous to HTTPd
doing the SSL offload with the mod_jk connector.
Also, the header X-Forwarded-For is set by the F5 and I'd like the
Connector to also give out this IP instead of the load balancer's.
I assume you are talking about the access log?
For common log format, but using the client IP, you take the pattern:
%{X-Forwarded-For}i %l %u %t "%r" %s %b
See:
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html
Caution: X-Forwarded-For can contain multiple IP addresses, if the
request passed through multiple proxies and they are configured to
add IPs, not to overwrite. Keep this in mind when doing analysis on
the field.
Any ideas short of recompiling Tomcat with a modified connector?
Anyone else faced this problem?
There should be no need for code changes :)
thanks,
greg
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]