On 11.03.2009 21:51, Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
2) getRemoteAddr() gives you the address of the system, which opened the
connection. In case of an AJP connector, this is not true, because AJP
is meant to be used for reverse proxies. So here you get the address of
the system which opened the connection to the web server, forwarded via
AJP to Tomcat.
[snip]
4) Usually Reverse Proxies set a non-standard header X-Forwarded-For.
E.g. mod_proxy does. Be warned though, that cascading Reverse Proxies
will most likely add to the header, so it can contain multiple
addresses, usually comma-separated.
Does mod_jk set any of these headers?
X-Forwarded-For
X-Forwarded-Host
X-Forwarded-Server
No, because it tries to act transparent by default, so it passes the
original client/server situation to Tomcat and Tomcat patches it's
client and server data inside the AJP connector in order to present the
webapp the situation like it was at the web server.
But you can use mod_headers to additionally set those headers, if you
like to, and mod_jk will forward them.
As described on the new shiny proxy documentation page
http://tomcat.apache.org/dev/dist/tomcat-connectors/jk/docs/jk-1.2.28-dev/generic_howto/proxy.html
those headers in a mod_jk setting relate to:
X-Forwarded-For: getRemoteAddr()
X-Forwarded-Host: getServerName()
X-Forwarded-Server: getLocalName()
at least when there is only one reverse proxy involved, so no
concatenation of data in X-Forwarded-*.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
