x-forwarded-for in CF 11

Report · Apr 28, 2016

Trying to get the actual ip address of a user with coldfusion sitting behind an F5 appliance. Researching I found the RemoteIpValve which can be placed in server.xml, but it does not seem to work on CF 11. Does anyone know of any tricks to getting this to work or does it not work at all in CF 11?

Thanks

Report · Apr 28, 2016

We just use CGI.HTTP_X_Forwarded_For as it is available in the CGI scope. It will probably return multiple results in a comma delimited list. The first IP is usually the real IP

Try dumping the CGI scope OR GetHttpRequestData() to see if you can see it in there at all. The appliance may have to be configured to send the header correctly though.

Report · Apr 28, 2016

Well, I can get the x_forwarded_for from the header right now. My biggest problem is not being able to set the debug ip addresses within CF Admin.

Report · Apr 28, 2016

Not sure I understand. What is the exactly are you trying to achieve?

Report · Apr 28, 2016

Debug information on our dev and test sites on each page. I can't open to all IPs, so need the CF server to see the CGI.remote_addr as my actual PC ip address so that I get debug information while others do not.

Report · Apr 28, 2016

Right I see, what did you try with the remoteIpValue option?

Was it along the lines of:

<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" remoteIpHeader="X-Forwarded-For" protocolHeaderHttpsValue="https" />

I assume after the changes you restarted both IIS and CF?

Report · Apr 28, 2016

yes, that was exactly what I used and I did restart both.

Report · Apr 29, 2019

I realize this an older thread, but in case someone else may come across it looking for info on using the Tomcat remoteipvalve with CF, I wanted to offer some thoughts and ask a question:

Varzil, as for why the remoteipvalve did not work, can you tell us why you used remoteIpHeader="X-Forwarded-For", when you indicated in your earlier messages here that the header was "x_forwarded_for"? The difference between dash and underscore would be significant.

I can report that I have used this same approach and gotten the user's IP as forwarded by CloudFlare, which uses CF-Connecting-IP as the header. And rather than all those attributes (which may have value for some), I got by with just this:

placed in the server.xml (in cfusion/runtime/conf), and implemented either within the engine or host xml elements (for those who may find this and need to know more). Indeed, the remoteipvalve attributres are documented here:

RemoteIpValve (Apache Tomcat 8.5.40 API Documentation)

Hope that helps someone, and Varzil, if you may still have your setup to check things out, it would be interesting to hear if it may help you.

/Charlie (troubleshooter, carehart.org)

Adobe Community

x-forwarded-for in CF 11

1 Correct answer