I have ( internal LAN site only ):
One (1) Netscaler, which, then forwards HTTP requests to:
Two (2) httpd+mod_cluster, which then forwards the HTTP requests ( via AJP ) to:
Two (2) JBoss AS 7.1.3 with mod_cluster
Netscaler is adding the x-forwarded-for HTTP header so that Apache httpd can log the actual IP address of the user, as per the following:
On the above link, it logs into access.log the IP address recorded in x-forwarded-for HTTP header, if that HTTP header exists. Otherwise, it logs REMOTE_IP.
On the AJP protocol, I can see that JBoss receives the x-forwarded-for HTTP header that Netscaler has sent across.
So my question is:
Is there a way to configure JBoss to log the IP address from the x-forwarded-for HTTP header ... similar to the link above ? ( e.g. Log IP address if x-forwarded-for exists. If not. log REMOTE_IP ).
I prefer NOT to change the HTTP headers using the RemoteIP Valve, which is the port of Apache's mod_remoteip ( JBoss Web Configuration Reference - The Valve Component ), as it may have other implications that I am not aware of with regards to mod_cluster, etc.
I should add that, if we DO NOT use Netscaler in front the Apache/httpd+mod_cluster, JBoss logs the IP address of the user's workstation correctly without any change on my part. However, there is now a desire to have Netscaler in front of 2 Apache/httpd+mod_cluster to address the issue of a single point-of-failure if Apache+mod_cluster goes down.