On Mon, Sep 23, 2019, 12:45 John Pyeatt <john.pyeatt@xxxxxxxxxxxxxx> wrote:
I have tried everything and I can't get Apache (2.4.39) to pass the X-Forwarded-For header to my tomcat (8.5) instance.I have apache listening on port 8081 and bound to the public IP address as a reverse proxy to a backend tomcat instance which is also bound to 8081 but on 127.0.0.1.My apache instance has the following modules loaded:proxy_module (shared)
proxy_connect_module (shared)
proxy_ajp_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)remoteip_module (shared)Here is my virtualhost stanza<VirtualHost _default_:8081>
ProxyPreserveHost On
ProxyPass /MYAPP/admin http://127.0.0.1:8081/MYAPP/admin
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.0/8
<Location /MYAPP/admin>
ProxyAddHeaders On
ProxyPassReverse /MYAPP/admin
# Only allow ?cmd=spkr
RewriteEngine On
RewriteCond %{QUERY_STRING} !cmd=spkr
RewriteRule .* - [F]
</Location>
</VirtualHost>According to the doc https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyaddheaders ProxyAddHeaders On should do the trick.I've done a packet capture to see if the X-Forwarded-For header is being generated by Apache but dropped on the floor in Tomcat and I'm not seeing X-Forwarded-For header coming from Apache.The slightly weird thing is that my tomcat app is also listening on port 5678 using AJP and that works if I change to ProxyPass /MYAPP/admin ajp://127.0.0.1:5678/MYAPP/admin. Calls to HttpRequest.getRemoteAddr() in my tomcat app correctly return the IP address of my client. I find it very hard to believe that proxy_ajp_module works fine and proxy_http_module somehow has a bug in it. So I must be missing some magic apache configuration setting.--John Pyeatt
Software Developer
(608) 661-1184 | john.pyeatt@xxxxxxxxxxxxxx
www.singlewire.com | Twitter | Facebook | LinkedIn
Keeping people safe and informed. Everywhere, every time.
![]()
