Skip to main content
A
Anonymous
January 21, 2014
Question

Configuring CF10 to use X-forwarded-for instead of remote_addr

  • January 21, 2014
  • 1 reply
  • 1974 views

I am using an AWS instance behind a load balancer with NAT. It has its advantages, but one of its disadvantages is the remote_addr coming through is the remote_addr of the ELB.

http://leaguemanager.playerspace.com/test.cfm

What I'm trying to do is trick or configure the CF10 Administrator > Debugging and Logging > Enabled Request Debugging Output to use the x-forwarded-for as opposed to the remote_addr so I can use server debugging without that information being made visible to the public.

Is this possible by, say, modifying a file somewhere, to have the IP addresses set in Debugging and Logging > Debugging IP Addresses to be matched with the true client's personal IP (x-forwarded-for)?

JS


This topic has been closed for replies.

1 reply

A
Anonymous
January 21, 2014

Never mind, I figured it out.

c:\coldfusion10\cfusion\runtime\conf\server.xml

Added

  • <Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" remoteIpHeader="X-Forwarded-For" protocolHeaderHttpsValue="https" />
    pixelbendr
    pixelbendr
    Participating Frequently
    April 10, 2018

    We want to take this a step further...  We'd like to use OneLogin for credentialing and only make CFDebug output shown to people who are logged in with the right credentials.  Do you know if there is a way to instead of looking at IP addresses to examine the role of the logged in person?

    WolfShade
    WolfShade
    Legend
    April 10, 2018

    Thanks, my question was less about how to figure out if our Developers are logged in with a developer role, we can already do that.  It's more about figuring out how to only output debug info if developers are logged in.  We'd like to avoid turn on debug for everyone and then try to programmatically turn it off for everyone who's not a developer, hackers can probably find a way around that by going directly to a cfinclude page or something that might not have debug excluded.  What I'd love to find is a cftag that can output the same cfdebug info but only when we choose, so I can check if a Developer is logged in and the server is Development or Stage and then output Debug info.  Can't find a way to do that yet...


    <cfswitch expression="{user is developer}">

         <cfcase value="yes">

              <cfsetting showdebugoutput="yes"/>

         </cfcase>

         <cfdefaultcase>

              <cfsetting showdebugoutput="no" />

         </cfdefaultcase>

    </cfswitch>

    HTH,

    ^ _ ^

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices