1 Reply Latest reply on Oct 21, 2013 4:10 AM by jmsjr

JBoss AS 7.1.3: Log the IP address from HTTP header x-forwarded-for in access.log

jmsjr Oct 21, 2013 2:40 AM

Hi All,

I have ( internal LAN site only ):

One (1) Netscaler, which, then forwards HTTP requests to:

Two (2) httpd+mod_cluster, which then forwards the HTTP requests ( via AJP ) to:

Two (2) JBoss AS 7.1.3 with mod_cluster

Netscaler is adding the x-forwarded-for HTTP header so that Apache httpd can log the actual IP address of the user, as per the following:

http://www.techstacks.com/howto/log-client-ip-and-xforwardedfor-ip-in-apache.html

On the above link, it logs into access.log the IP address recorded in x-forwarded-for HTTP header, if that HTTP header exists. Otherwise, it logs REMOTE_IP.

On the AJP protocol, I can see that JBoss receives the x-forwarded-for HTTP header that Netscaler has sent across.

So my question is:

Is there a way to configure JBoss to log the IP address from the x-forwarded-for HTTP header ... similar to the link above ? ( e.g. Log IP address if x-forwarded-for exists. If not. log REMOTE_IP ).

I prefer NOT to change the HTTP headers using the RemoteIP Valve, which is the port of Apache's mod_remoteip ( JBoss Web Configuration Reference - The Valve Component ), as it may have other implications that I am not aware of with regards to mod_cluster, etc.

1. Re: JBoss AS 7.1.3: Log the IP address from HTTP header x-forwarded-for in access.log

jmsjr Oct 21, 2013 4:10 AM (in response to jmsjr)

I should add that, if we DO NOT use Netscaler in front the Apache/httpd+mod_cluster, JBoss logs the IP address of the user's workstation correctly without any change on my part. However, there is now a desire to have Netscaler in front of 2 Apache/httpd+mod_cluster to address the issue of a single point-of-failure if Apache+mod_cluster goes down.
Actions