Summary: | AccessLogValve Local IP/port inconsistent | ||
---|---|---|---|
Product: | Tomcat 6 | Reporter: | andilist |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | unspecified | ||
Target Milestone: | default | ||
Hardware: | PC | ||
OS: | Linux |
Description
andilist
2014-01-23 23:14:58 UTC
I've been looking at the source and doing some testing. For the AJP protocol: - %a and %h always refer to the client as seen by the reverse proxy - %v is the host header received by the reverse proxy or the reverse proxy's host name for HTTP/1.0 or HTTP/0.9 requests - %A is always InetAddress.getLocalHost().getHostAddress() (or 127.0.0.1 if that fails) - %p is the port that the reverse proxy received the connection on The IP address that the reverse proxy received the connection on is not available in the AJP protocol. You could make this available by setting a custom HTTP header in the reverse proxy and then displaying the value of that header in the AccessLogValve. Because of the way AJP is implemented, it is probably easiest to expose the connector port the same way (since the reverse proxy must know what port it is sending the request to). It is highly unlikely that there is going to be any functional changes to Tomcat 6 this area. You do get much more control if you: - upgrade to Tomcat 7.0.x or Tomcat 8.0.x - switch to using HTTP rather than AJP for your reverse proxy - use the RemoteIpValve or RemoteIpFilter - configure the RemoteIpValve or RemoteIpFilter with requestAttributesEnabled=true - configure the AccessLogValve with requestAttributesEnabled=false With this configuration the standard access log valve elements will record the values as seen by Tomcat. The values as seen by the proxy will be available as request attributes that can be included in the access log via the %{xxx}r pattern. I'm not going to resolve this just yet as I think the documentation (for all Tomcat versions) could be improved to make clear exactly what gets logged and/or when what gets logged varies. Some related info is contained in http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html It also contains the names of the Apache variables one can set if one wants to override the data automatically forwarded via AJP by mod_jk (not mod_proxy_ajp). I've added some links to the AccessLogValve docs for trunk, 8.0.x (8.0.21 onwards), 7.0.x (7.0.60 onwards) and 6.0.x (6.0.44 onwards). It loks like what you want to do is possible via configuration. If you need further pointers, please use the users mailing list. |