That usually means that there is a server in front of it (probably Apache); from Tomcat's perspective that's where the request is coming from. In those cases the original IP address is often passed along in a request header, called "x-forwarded-for" or something like that.
Tomcat is the webserver as well. There is no apache running on the domain.
Here something tricker
I just mad a JSP page to do some testing and request.getRemoteAddr() returned a remote IP.
How could this be?
I might add that in the application where I'm trying to get the IP it is a Struts2 action calls.
I implemented ServletRequestAware to get the request object.
The other thing I'm thinking is that I use filters but surly they maintain the remote IP??
Kris Reid
Ranch Hand
Joined: Jan 05, 2005
Posts: 247
posted
0
OK I'm a gumby
You were right it is the "X-Forwarded-For"
request.getHeader("X-Forwarded-For")
Cheers
Cyrille Le Clerc
Greenhorn
Joined: Jul 19, 2009
Posts: 6
posted
0
Hello,
Getting the IP address of the client can be tricky because each traversed proxy and load balancer adds an IP address to the multi valued, comma delimited, value of the X-Forwarded-For header (see Wikipedia X-Forwarded-For page). Moreover, web client can tweak the X-Forwarded-For with tools like Firefox Modify Headers or X-Forwarded-For Spoofer add-ons.
The forthcoming version of Apache Httpd will offer a secure mechanism to handle X-Forwarded-For with mod_remoteip.
Here are a Tomcat valve RemoteIpValve and a servlet filter XForwardedFilter to repectively integrate the X-Forwarded-For and X-Forwarded-Proto (http or https) headers at the Tomcat and WAR levels.
Thanks to these valve and filter, the actual client ip and the incoming protocol (http/https) will be available in Tomcat logs (if you use the valve) and in the servlet API (request.getRemoteAddr(), request.getRemoteHost(), request.isSecure(), request.getScheme() and request.getServerPort()).
The Tomcat RemoteIpValve has been proposed to the Tomcat Project as Bug 47330 - proposal : port of mod_remoteip in Tomcat as RemoteIpValve.
Backlink Service - High PageRank Backlinks to have you flying up through the SERP
Cyrille Le Clerc
Greenhorn
Joined: Jul 19, 2009
Posts: 6
posted
0
Hello,
The RemoteIpValve is now available in Tomcat 6.0.24. I didn't yet have the time to merge in Tomcat's documentation all the docs we wrote. If you are interested in more details about the handling of X-Forwarded-For, internal proxies, trusted proxies, X-Forwarded-Proto or scenarios to handle SSL with tomcat preceded by Apache Httpd and/or load balancers, please have a look at :
thanks again for your interest in the RemoteIpValve,
Cyrille
Krem Reid
Greenhorn
Joined: Sep 07, 2009
Posts: 28
posted
0
Excellent Cyrille.
Really appreciate the update
Andrew Swanson
Greenhorn
Joined: Nov 05, 2010
Posts: 2
posted
0
Cyrille -
Like the RemoteIpValve but have one question.
I am using the RemoteIpValve to correctly set request.isSecure and request.scheme but I am using the "ProxyPreserveHost" Apache httpd directive so that request.serverHost and request.serverPort are correctly set in Tomcat. Is there anyway to prevent RemoteIpValve from populating the request.serverPort when it detects the presence of the $protocolHeader http header?
Cyrille Le Clerc
Greenhorn
Joined: Jul 19, 2009
Posts: 6
posted
0
Hello Andrew,
You are right, RemoteIpValve (and RemoteIpFilter) currently override the serverPort when you specify a protocol header (e.g. x-forwarded-proto). Would you like to add a boolean configuration option override-http-server-port-with-protocol-information to disable this behavior for your use case ?
Thanks for your interest in RemoteIpValve,
Cyrille
Andrew Swanson wrote:
I am using the RemoteIpValve to correctly set request.isSecure and request.scheme but I am using the "ProxyPreserveHost" Apache httpd directive so that request.serverHost and request.serverPort are correctly set in Tomcat. Is there anyway to prevent RemoteIpValve from populating the request.serverPort when it detects the presence of the $protocolHeader http header?
Andrew Swanson
Greenhorn
Joined: Nov 05, 2010
Posts: 2
posted
0
Yes, something like that would be most helpful.
Cyrille Le Clerc wrote:Hello Andrew,
You are right, RemoteIpValve (and RemoteIpFilter) currently override the serverPort when you specify a protocol header (e.g. x-forwarded-proto). Would you like to add a boolean configuration option override-http-server-port-with-protocol-information to disable this behavior for your use case ?
Thanks for your interest in RemoteIpValve,
Cyrille
Andrew Swanson wrote:
I am using the RemoteIpValve to correctly set request.isSecure and request.scheme but I am using the "ProxyPreserveHost" Apache httpd directive so that request.serverHost and request.serverPort are correctly set in Tomcat. Is there anyway to prevent RemoteIpValve from populating the request.serverPort when it detects the presence of the $protocolHeader http header?
0
