46

We are using ProxyPass to redirect all "/r" requests to jboss on port 18080 as follows:

ProxyPreserveHost on
ProxyPass /r http://localhost:18080/redirectService/
ProxyPassReverse /r http://localhost:18080/redirectService/

But, that causes the IP address logged in jboss's access log as "127.0.0.1". Does somebody know how can we preserve the original IP from where the request came in HttpServletRequest? We want to acesss it from jboss servlet request in doGet()

ashweta
  • 1,437
  • 3
  • 17
  • 19

5 Answers5

38

The answer of JasonW is fine. But since apache httpd 2.4.6 there is a alternative: mod_remoteip

All what you must do is:

  1. May be you must install the mod_remoteip package

  2. Enable the module:

    LoadModule remoteip_module modules/mod_remoteip.so

  3. Add the following to your apache httpd config. Note that you must add this line not into the configuration of the proxy server. You must add this to the configuration of the proxy target httpd server (the server behind the proxy):

    RemoteIPHeader X-Forwarded-For
# replace IP with the remote server you trust
RemoteIPInternalProxy 10.123.123.1/24

See at http://httpd.apache.org/docs/trunk/mod/mod_remoteip.html for more information and more options.

Security warning! Only do this for proxies you trust. Otherwise someone can fake their IP.

Nux
  • 9,276
  • 5
  • 59
  • 72
Steffen
  • 2,500
  • 4
  • 31
  • 47
  • 2
    What is the setup you re describing here ? Is it apache behind another apache ? Is this applicable for jboss behind apache ? – Pavel Niedoba Aug 22 '16 at 12:41
  • Yes. Add the mod_remoteip package to the apache behind the proxy server. mod_remoteip replace the IP address of the proxy server with the value of X-Forward-For which contains the original IP address of the web client. – Steffen Jun 26 '17 at 19:16
  • Remember to always use this with `RemoteIPInternalProxy` or similar security feature. Creating a fake IP is normally rather hard. Creating fake XFF header is not that hard. – Nux Jul 20 '21 at 23:33
  • Note that you also have to change the log-format in the *proxy target httpd server*, see https://serverfault.com/questions/846695/preserve-client-ip-through-apache-reverse-proxy – dr0i Oct 28 '21 at 13:29
36

You can get the original host from X-Forwarded-For header field.

andri
  • 11,171
  • 2
  • 38
  • 49
14

This has a more elegant explanation and more than one possible solutions. http://kasunh.wordpress.com/2011/10/11/preserving-remote-iphost-while-proxying/

The post describes how to use one popular and one lesser known Apache modules to preserve host/ip while in a setup involving proxying.

Use mod_rpaf module, install and enable it in the backend server and add following directives in the module’s configuration. RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1

(2017 edit) Current location of mod_rpaf: https://github.com/gnif/mod_rpaf

Dan Pritts
  • 1,274
  • 16
  • 14
JasonW
  • 141
  • 1
  • 2
  • 5
    It's better if you actually summarise what the link is about and/or quote the most relevant part. Otherwise it just looks like you're spamming. – random Nov 26 '11 at 05:42
  • RPAF can also trick a site into thinking it is being accessed over HTTPS, for ssl-terminating proxies. – Quentin Skousen Nov 02 '15 at 22:46
8

If you are using Apache reverse proxy for serving an app running on a localhost port you must add a location to your vhost.

<Location />            
   ProxyPass http://localhost:1339/ retry=0
   ProxyPassReverse http://localhost:1339/
   ProxyPreserveHost On
   ProxyErrorOverride Off
</Location>

To get the IP address have following options 

console.log(">>>", req.ip);// this works fine for me returned a valid ip address 
console.log(">>>", req.headers['x-forwarded-for'] );// returned a valid IP address 
console.log(">>>", req.headers['X-Real-IP'] ); // did not work returned undefined 
console.log(">>>", req.connection.remoteAddress );// returned the loopback IP address

So either use req.ip or req.headers['x-forwarded-for']

Tarun Gupta
  • 6,305
  • 2
  • 42
  • 39
  • 1
    What does "Location" tag do? – Kapil Jun 12 '18 at 11:36
  • "ProxyPreserveHost On" made the trick for me. I didn't know you can put in inside a location tag to affect the reverse proxy based on a location. Thanks. – Israelm Sep 10 '19 at 20:02
8

If you have the capability to do so, I would recommend using either mod-jk or mod-proxy-ajp to pass requests from Apache to JBoss. The AJP protocol is much more efficient compared to using HTTP proxy requests and as a benefit, JBoss will see the request as coming from the original client and not Apache.

Jason Fritcher
  • 1,471
  • 9
  • 12