[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] getRemoteAddr() returning private ip number

Just stumbled upon the same issue...
In my case the original X-Forwarded-* headers were of no interest and could simply be erased, using Apache's mod_headers:




RequestHeader unset X-Forwarded-For
RequestHeader unset X-Forwarded-Host
RequestHeader unset X-Forwarded-Server

RequestHeader set X-Forwarded-Proto https env=HTTPS
RequestHeader set X-Forwarded-Proto http env=!HTTPS

ProxyPass ...




On Mon, 11 Jul 2011 20:06:38 +0200, Tore Halset <halset@xxxxxxxxxxx> wrote:

Hello.

With forwarding turned on, it looks like HttpServletRequest#getRemoteAddr() return the leftmost element of "X-Forwarded-For", but I expected the rightmost element. Is this the expected behavior of jetty?

Please note that I am using forwarded=true on the connector and "ProxyPreserveHost On" in Apache httpd.

For now, I will parse the header my self.

Regards,
 - Tore.

On Jul 11, 2011, at 17:34 , Tore Halset wrote:

Thanks. I already have forwarded=true set in etc/jetty.xml

<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
<Set name="host"><Property name="jetty.host" /></Set>
<Set name="port"><SystemProperty name="jetty.port" default="8080"/></Set>
<Set name="forwarded">true</Set>
</New>
</Arg>
</Call>


Any more hints?

Regards,
- Tore.

On Jul 11, 2011, at 16:23 , Chad La Joie wrote:

Please review the documentation for setting up Jetty behind Apache:
http://wiki.eclipse.org/Jetty/Tutorial/Apache

It covers this use case.

On 7/11/11 10:19 AM, Tore Halset wrote:
Hello.

We have an installation with jetty 7.3.0.v20110203 behind a Apache http server (not using ajp, just http). For one particular client, HttpServletRequest#getRemoteAddr() return the private ip number starting with "10." used inside the clients network. I expected to see the clients public external ip address. The correct external ip number is reported in the request log.

Should I use something else than HttpServletRequest#getRemoteAddr()?

Regards,
- Tore.