I have a load balancer in front of an Apache httpd server, which in turn is in front of a server running Tomcat6. We're using Tomcat to run Shibboleth's IdP. The flow looks like this:
Client -> Load Balancer -> Apache httpd server (mod_proxy_ajp) -> Tomcat server
I'm looking to pass the client's IP to the Tomcat server. The LB passes the variable ClientIP to the httpd server, which I can parse in httpd's LogFormat as "%{ClientIP}i", but this obviously does not make it to the Tomcat server, instead Tomcat logs the IP of the LB.
I've tried using Tomcat's RemoteIpValve as (in server.xml inside <Engine>):
> <Valve className="org.apache.catalina.valves.RemoteIpValve"
> remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto"
> protocolHeaderHttpsValue="https" />
hoping that the use of mod_proxy would pass the IP in X-Forwarded-For without success. I've seen posts on mod_rpaf, but I'm hoping to do this without additional apache httpd mods.
I think I'm a couple of pieces away from tying all this together, but stuck in a rut. Any ideas?
If the load balancer is inserting the client IP address in a header called ClientIP, mod_proxy should pass that on to the Tomcat server without any special configuration. Try configuring the Tomcat RemoteIpValve to look for ClientIP instead of X-Forwarded-For. e.g.
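
A sketch of the valve change described in the answer, added here as an example and not taken from the original answer or from the asker's configuration. The `internalProxies` value is an assumption: 192.0.2.10 is a placeholder for whatever address Tomcat currently logs (the load balancer, per the question).

```xml
<!-- server.xml, inside <Engine>. Added example; 192.0.2.10 is a placeholder
     address, not a value from the original post. -->

<!-- As posted in the question: the valve reads X-Forwarded-For, while the
     load balancer is described as sending the client address in ClientIP. -->
<!--
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto"
       protocolHeaderHttpsValue="https" />
-->

<!-- Adjusted: read the header the load balancer actually sets, and honour it
     only when the connecting peer is the load balancer itself. The value of
     internalProxies is a regular expression matched against the address
     Tomcat sees before the valve runs. -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       remoteIpHeader="ClientIP"
       internalProxies="192\.0\.2\.10"
       protocolHeader="X-Forwarded-Proto"
       protocolHeaderHttpsValue="https" />
```

The valve rewrites the remote address only when the connecting peer matches `internalProxies`; if the load balancer's address is outside the valve's default private-range patterns, the header is ignored until it is listed. A `ClientIP` header on any request that reaches Tomcat without passing through the load balancer is client-controlled, so keep the pattern as narrow as the deployment allows.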