Configuring CF10 to use X-forwarded-for instead of remote_addr

Forum|Forum|12 years ago
January 21, 2014
1 reply
1974 views

I am using an AWS instance behind a load balancer with NAT. It has its advantages, but one of its disadvantages is the remote_addr coming through is the remote_addr of the ELB.

http://leaguemanager.playerspace.com/test.cfm

What I'm trying to do is trick or configure the CF10 Administrator > Debugging and Logging > Enabled Request Debugging Output to use the x-forwarded-for as opposed to the remote_addr so I can use server debugging without that information being made visible to the public.

Is this possible by, say, modifying a file somewhere, to have the IP addresses set in Debugging and Logging > Debugging IP Addresses to be matched with the true client's personal IP (x-forwarded-for)?

JS

This topic has been closed for replies.

A

Anonymous

Never mind, I figured it out.

c:\coldfusion10\cfusion\runtime\conf\server.xml

Added

<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" remoteIpHeader="X-Forwarded-For" protocolHeaderHttpsValue="https" />

pixelbendr

Participating Frequently

We want to take this a step further... We'd like to use OneLogin for credentialing and only make CFDebug output shown to people who are logged in with the right credentials. Do you know if there is a way to instead of looking at IP addresses to examine the role of the logged in person?

WolfShade

Legend

That should be easily done. Are the people logged on with name/password? Or is there a smart card (like a CAC) involved?

I'm Googling OneLogin, now.

What version of CF are you running? Apache, or IIS?

V/r,

^ _ ^

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded