In some situations you'd like to know from a component whether your request has been forwarded by a reverse proxy. A real life usecase: HTTPd => Tomcat; Tomcat does auth, logs in access.log => HTTPd => logs in access.log, REMOTE_USER is empty. Logs are inconsistent. If this flag is set AuthenticatorBase can check this and write request#getRemoteUser() + auth method to the response headers which HTTPd can picked up and make access.log consistent. This is required by: 62496 A PR is in preparation.
PR delivered: https://github.com/apache/tomcat/pull/178 Will then back port.
Fixed in: - master for 9.0.23 onwards - 8.5.x for 8.5.44 onwards - 7.0.x for 7.0.95 onwards