tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johan van den Berg <vdb...@unisa.ac.za>
Subject Patch to override request.getRemoteAddr if behind a reverse proxy
Date Fri, 14 Jul 2006 20:21:38 GMT
Hi

I'm totally new to hacking Tomcat, so excuse if I'm not following the
proper procedure, but needed to do this for our site that has a Tomcat
behind Apache (mod_jk), that sits behind a reverse proxy load balancer.
The idea is basically to not use the TCP endpoint of Apache (which will
always point to the reverse proxy) to give the caller of
request.getRemoteAddr a valid IP, but rather retrieve it from a
configurable request header. In our case, we have hacked the Pound
loadbalancer to forward a request header called X-Pounded-For with each
request, and the value of this header is then used (if available) to
return the *real client IP to the caller of request.getRemoteAddr or
request.getRemoteHost.

Extract from server.xml:

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" proxyRemoteAddrHeader="X-Pounded-For"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />


Let me know if it is of any use to anyone else!

Regards

-- 
Johan van den Berg
Technical Webmaster
University of South Africa

Cel: +27 73 201 3520
Tel: +27 12 429 2371

Registered Linux user number 390606
http://counter.li.org/

Mime
View raw message