I know I'm late in this discussion. Besides the very good mentioning of mod_remoteip, RemoteIpValve and XForwardedFilter I guess there's a way of doing it in case you are using mod_jk.
mod_jk (and mod_proxy_ajp) use the AJP protocol between the web server and the backend, e.g. Tomcat. This protocol transports the original communication information from the web server to the backend, and when remote IP etc., it doesn't get the backend data (e.g. the client of the backend is the web server, not very intersting), but instead the data forwarded by the web server. Since few versions of mod_jk we allow this data to be influenced by the admin of the web server. Most of the data can be taken from mod_jk out of so-called environment variables of Apache httpd, and those variables can be manipulated by mod_rewrite. With a little config magic you could e.g. - Let mod_rewrite check, whether the X-Forwarded-For header was set - Let mod_rewrite check, whether there's more than on IP in it, if yes extract the first one, if no take the whole header - Put the result into the magic env var and now mod_jk will forward this result as the remote IP address instead of the one retrieved from the TCP connection. For details see: http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html and http://tomcat.apache.org/connectors-doc/reference/apache.html Warning: you very likely would need to use Apache httpd 2.2, because before mod_rewrite might not have been powerful enough. Regards, Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org