Re: X-Forwarded-For header is missing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Konstantin,

It is not processed and deleted by backend. I enabled x-forwarded-for logging, it confirms our Apache webserver is not adding xff header. However xfh header added always.

RemoteIpValve is not configured at Apache tomcat.

We already placed ProxyAddHeaders after load modules only, I also attached httpd conf  file for your review and captured wireshark packet capture at webserver, it confirms above.

Can you please help me and share working httpd.conf file where http web server redirecting incoming WEBSERVICE call to another backend application with xff headers enabled.

Thanks a lot.

Thanks,
Surendhar

On Wednesday, November 8, 2017, Konstantin Kolinko <knst.kolinko@xxxxxxxxx> wrote:
2017-11-07 21:44 GMT+03:00 Surendhar Thallapelly <surendhar.t1241@xxxxxxxxx>:
> Hi Konstantin,
>
>> Hi Team,
>>
>> I configured apache http web server to redirect incoming WEBSERVICE call
>> to
>> another backend application server, X-Forwarded-For is missing(webserver
>> ip)
>> in backend call.
>>
>> I have configured below in my webserver httpd.conf file.
>>
>> ProxyPass /TestProject http://10.160.160.33:2914/TestProject
>> ProxyPassReverse /TestProject http://10.160.160.33:2914/TestProject
>>
>
> 1. Version of Apache HTTP server = ? 2.2 & 2.4 both of versions it didn't
> work
> 2. What is your configuration of ProxyAddHeaders directive?
>
> http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyaddheaders
>
> ProxyAddHeaders On
>
> I also enabled
> LoadModule proxy_module modules/mod_proxy.so
> LoadModule proxy_http_module modules/mod_proxy_http.so
>
> X-Forwarded-Host is working showing in my backend call, only X-Forwarded-For
> is missing.  I am also attaching my complete http.conf(2.4 version) file for
> your review, please review and help me.


Maybe the "X-Forwarded-For" is sent by Apache HTTPD, but is processed
and removed by your backend?

E.g. in Apache Tomcat if a RemoteIpValve is configured,
it will process and hide this header from underlying web applications,
while its original value is still visible in Access Log and can be
logged with %{xxx}i

http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_IP_Valve


(BTW,
it is odd how you place your "ProxyAddHeaders On" directive at the top
of the file.

My expectation is that the directive should be moved below relevant
"LoadModule" line,
or the configuration fails to load.
)

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux