tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Cannot set remote address in valve (Tomcat 5.5)
Date Tue, 06 Oct 2009 12:26:20 GMT
I know I'm late in this discussion. Besides the very good mentioning of
mod_remoteip, RemoteIpValve and XForwardedFilter I guess there's a way
of doing it in case you are using mod_jk.

mod_jk (and mod_proxy_ajp) use the AJP protocol between the web server
and the backend, e.g. Tomcat. This protocol transports the original
communication information from the web server to the backend, and when
remote IP etc., it doesn't get the backend data (e.g. the client of the
backend is the web server, not very intersting), but instead the data
forwarded by the web server.

Since few versions of mod_jk we allow this data to be influenced by the
admin of the web server. Most of the data can be taken from mod_jk out
of so-called environment variables of Apache httpd, and those variables
can be manipulated by mod_rewrite.

With a little config magic you could e.g.

- Let mod_rewrite check, whether the X-Forwarded-For header was set

- Let mod_rewrite check, whether there's more than on IP in it, if yes
extract the first one, if no take the whole header

- Put the result into the magic env var

and now mod_jk will forward this result as the remote IP address instead
of the one retrieved from the TCP connection.

For details see:

http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html

and

http://tomcat.apache.org/connectors-doc/reference/apache.html

Warning: you very likely would need to use Apache httpd 2.2, because
before mod_rewrite might not have been powerful enough.

Regards,

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message