Message-ID: <44B8026D.6070702@hanik.com>
Date: Fri, 14 Jul 2006 15:45:33 -0500
From: Filip Hanik - Dev Lists
To: Tomcat Developers List
Subject: Re: Patch to override request.getRemoteAddr if behind a reverse proxy

This is a question for the user list; it might be better for you to take the inquiries there, and you shouldn't need to hack Tomcat for something like this.
Simply create a filter that wraps your HttpServletRequest in a HttpServletRequestWrapper; worst case, you could create a Valve that does it for you. Either way, you can avoid changing Tomcat code.

Filip

Johan van den Berg wrote:
> Hi
>
> I'm totally new to hacking Tomcat, so excuse if I'm not following the
> proper procedure, but needed to do this for our site that has a Tomcat
> behind Apache (mod_jk), that sits behind a reverse proxy load balancer.
> The idea is basically to not use the TCP endpoint of Apache (which will
> always point to the reverse proxy) to give the caller of
> request.getRemoteAddr a valid IP, but rather retrieve it from a
> configurable request header. In our case, we have hacked the Pound
> loadbalancer to forward a request header called X-Pounded-For with each
> request, and the value of this header is then used (if available) to
> return the *real* client IP to the caller of request.getRemoteAddr or
> request.getRemoteHost.
>
> Extract from server.xml:
>
>
> enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
>
>
> Let me know if it is of any use to anyone else!
> > Regards > > > ------------------------------------------------------------------------ > > Index: container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java > =================================================================== > --- container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java (revision 421580) > +++ container/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java (working copy) > @@ -198,12 +198,23 @@ > // Override if the proxyPort/proxyHost are set > String proxyName = connector.getProxyName(); > int proxyPort = connector.getProxyPort(); > + String proxyRemoteAddrHeader = connector.getProxyRemoteAddrHeader(); > + > if (proxyPort != 0) { > req.setServerPort(proxyPort); > } > if (proxyName != null) { > req.serverName().setString(proxyName); > } > + if (proxyRemoteAddrHeader != null) { > + String remoteAddr = req.getHeader(proxyRemoteAddrHeader); > + if (remoteAddr != null) { > + req.remoteAddr().setString(remoteAddr); > + req.remoteHost().setString(remoteAddr); > + request.setRemoteAddr(remoteAddr); > + request.setRemoteHost(remoteAddr); > + } > + } > > // URI decoding > MessageBytes decodedURI = req.decodedURI(); > Index: container/catalina/src/share/org/apache/catalina/connector/Connector.java > =================================================================== > --- container/catalina/src/share/org/apache/catalina/connector/Connector.java (revision 421580) > +++ container/catalina/src/share/org/apache/catalina/connector/Connector.java (working copy) > @@ -155,6 +155,14 @@ > * the port number specified by the port property is used. > */ > protected int proxyPort = 0; > + > + > + /** > + * The request header that should be use to populate the request object's > + * remoteAddr field. This is commonly used behind reverse proxy's that pass > + * the real client IP via a request header, such as X-Pounded-For. > + */ > + protected String proxyRemoteAddrHeader = null; > > > /** 
> @@ -732,6 +740,27 @@ > setProperty("proxyPort", String.valueOf(proxyPort)); > > } > + > + /** > + * Return the proxy remote address header value for this Connector. > + */ > + public String getProxyRemoteAddrHeader() { > + > + return (this.proxyRemoteAddrHeader); > + > + } > + > + /** > + * Set the proxy remote address header value for this Connector. > + * > + * @param proxyRemoteAddrHeader The new proxy remote address header value > + */ > + public void setProxyRemoteAddrHeader(String proxyRemoteAddrHeader) { > + > + this.proxyRemoteAddrHeader = proxyRemoteAddrHeader; > + setProperty("proxyRemoteAddrHeader", proxyRemoteAddrHeader); > + > + } > > > /** > > > ------------------------------------------------------------------------ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org > For additional commands, e-mail: dev-help@tomcat.apache.org > ------------------------------------------------------------------------ > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.394 / Virus Database: 268.10.0/388 - Release Date: 7/13/2006 > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org
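Review bot: In the CoyoteAdapter.java hunk, the result of `req.getHeader(proxyRemoteAddrHeader)` is copied into remoteAddr and remoteHost with no check that the request actually arrived from the reverse proxy and no check that the value is an IP address. Unless the proxy always strips or overwrites this header, the sender of a request decides what getRemoteAddr returns, which affects address-based access rules and log entries. Suggest applying the override only when the original peer address is in a configured set of trusted proxies, and ignoring values that are empty or do not parse as a single IP literal (only `remoteAddr != null` is tested as written).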
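Review bot: The Javadoc on the new `proxyRemoteAddrHeader` field in Connector.java should state that the field holds a header name and that the header is trusted exactly as received, so the attribute should only be set where the proxy always supplies it. Please also fix "should be use" to "should be used" and "reverse proxy's" to "reverse proxies".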
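Review bot: In the getter/setter hunk of Connector.java, both Javadoc comments describe a "header value", but the property is the name of the header; the wording and the `@param` text should say so. `setProxyRemoteAddrHeader` also stores an empty string unchanged, and the CoyoteAdapter test `proxyRemoteAddrHeader != null` would then treat the feature as enabled; consider normalizing an empty or blank name to null in the setter.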
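The filter approach Filip suggests, as an added example (not code from this thread or from Tomcat): it wraps the request so getRemoteAddr and getRemoteHost return the proxy-supplied header, but only when the direct peer is a configured proxy and the value has the shape of an IP address. The class name and the init-param names `header` and `trustedProxies` are assumptions made for this example.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Added example: report the proxy-supplied client IP, but only for requests from trusted proxies. */
public class ProxyRemoteAddrFilter implements Filter {
    private String header;                                   // e.g. X-Pounded-For
    private final Set<String> trustedProxies = new HashSet<String>();

    public void init(FilterConfig cfg) throws ServletException {
        // "header" and "trustedProxies" are hypothetical init-param names for this example.
        header = cfg.getInitParameter("header");
        String proxies = cfg.getInitParameter("trustedProxies");
        if (header == null || proxies == null) {
            throw new ServletException("header and trustedProxies init-params are required");
        }
        for (String p : proxies.split(",")) trustedProxies.add(p.trim());
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            String claimed = http.getHeader(header);
            final String addr = (claimed == null) ? null : claimed.trim();
            // Honour the header only when the peer the container saw is a known proxy and
            // the value has the shape of an IP literal; otherwise keep the container's value.
            if (addr != null && trustedProxies.contains(http.getRemoteAddr())
                    && looksLikeIp(addr)) {
                req = new HttpServletRequestWrapper(http) {
                    public String getRemoteAddr() { return addr; }
                    public String getRemoteHost() { return addr; }
                };
            }
        }
        chain.doFilter(req, res);
    }

    /** Shape check only: dotted IPv4 or hex/colon IPv6 text; rejects lists, names and control characters. */
    static boolean looksLikeIp(String s) {
        return s.matches("\\d{1,3}(\\.\\d{1,3}){3}") || (s.indexOf(':') >= 0 && s.matches("[0-9A-Fa-f:]{2,39}"));
    }

    public void destroy() { }
}
```

In the setup described in the thread, `trustedProxies` would hold the address of the Pound load balancer, since that is the peer Apache forwards to Tomcat over AJP.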