• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

x-forwarded-for in CF 11

Community Beginner ,
Apr 28, 2016 Apr 28, 2016

Copy link to clipboard

Copied

Trying to get the actual ip address of a user with coldfusion sitting behind an F5 appliance.  Researching I found the RemoteIpValve which can be placed in server.xml, but it does not seem to work on CF 11.  Does anyone know of any tricks to getting this to work or does it not work at all in CF 11?

Thanks

Views

2.6K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Advocate , Apr 28, 2016 Apr 28, 2016

We just use CGI.HTTP_X_Forwarded_For as it is available in the CGI scope. It will probably return multiple results in a comma delimited list. The first IP is usually the real IP

Try dumping the CGI scope OR GetHttpRequestData() to see if you can see it in there at all. The appliance may have to be configured to send the header correctly though.

Votes

Translate

Translate
Advocate ,
Apr 28, 2016 Apr 28, 2016

Copy link to clipboard

Copied

We just use CGI.HTTP_X_Forwarded_For as it is available in the CGI scope. It will probably return multiple results in a comma delimited list. The first IP is usually the real IP

Try dumping the CGI scope OR GetHttpRequestData() to see if you can see it in there at all. The appliance may have to be configured to send the header correctly though.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Apr 28, 2016 Apr 28, 2016

Copy link to clipboard

Copied

Well, I can get the x_forwarded_for from the header right now.  My biggest problem is not being able to set the debug ip addresses within CF Admin.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Apr 28, 2016 Apr 28, 2016

Copy link to clipboard

Copied

Not sure I understand. What is the exactly are you trying to achieve?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Apr 28, 2016 Apr 28, 2016

Copy link to clipboard

Copied

Debug information on our dev and test sites on each page.  I can't open to all IPs, so need the CF server to see the CGI.remote_addr as my actual PC ip address so that I get debug information while others do not.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Apr 28, 2016 Apr 28, 2016

Copy link to clipboard

Copied

Right I see, what did you try with the remoteIpValue option?

Was it along the lines of:

<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" remoteIpHeader="X-Forwarded-For" protocolHeaderHttpsValue="https" />

I assume after the changes you restarted both IIS and CF?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Apr 28, 2016 Apr 28, 2016

Copy link to clipboard

Copied

yes, that was exactly what I used and  I did restart both.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Apr 29, 2019 Apr 29, 2019

Copy link to clipboard

Copied

LATEST

I realize this an older thread, but in case someone else may come across it looking for info on using the Tomcat remoteipvalve with CF, I wanted to offer some thoughts and ask a question:

Varzil, as for why the remoteipvalve did not work, can you tell us why you used remoteIpHeader="X-Forwarded-For", when you indicated in your earlier messages here that the header was "x_forwarded_for"? The difference between dash and underscore would be significant.

I can report that I have used this same approach and gotten the user's IP as forwarded by CloudFlare, which uses CF-Connecting-IP as the header. And rather than all those attributes (which may have value for some), I got by with just this:

<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="CF-Connecting-IP" />

placed in the server.xml (in cfusion/runtime/conf), and implemented either within the engine or host xml elements (for those who may find this and need to know more). Indeed, the remoteipvalve attributres are documented here:

RemoteIpValve (Apache Tomcat 8.5.40 API Documentation)

Hope that helps someone, and Varzil, if you may still have your setup to check things out, it would be interesting to hear if it may help you.


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation