Exit
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0

x-forwarded-for in CF 11

Community Beginner ,
Apr 28, 2016 Apr 28, 2016

Trying to get the actual ip address of a user with coldfusion sitting behind an F5 appliance.  Researching I found the RemoteIpValve which can be placed in server.xml, but it does not seem to work on CF 11.  Does anyone know of any tricks to getting this to work or does it not work at all in CF 11?

Thanks

3.2K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Advocate , Apr 28, 2016 Apr 28, 2016

We just use CGI.HTTP_X_Forwarded_For as it is available in the CGI scope. It will probably return multiple results in a comma delimited list. The first IP is usually the real IP

Try dumping the CGI scope OR GetHttpRequestData() to see if you can see it in there at all. The appliance may have to be configured to send the header correctly though.

Translate
Advocate ,
Apr 28, 2016 Apr 28, 2016

We just use CGI.HTTP_X_Forwarded_For as it is available in the CGI scope. It will probably return multiple results in a comma delimited list. The first IP is usually the real IP

Try dumping the CGI scope OR GetHttpRequestData() to see if you can see it in there at all. The appliance may have to be configured to send the header correctly though.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Apr 28, 2016 Apr 28, 2016

Well, I can get the x_forwarded_for from the header right now.  My biggest problem is not being able to set the debug ip addresses within CF Admin.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Apr 28, 2016 Apr 28, 2016

Not sure I understand. What is the exactly are you trying to achieve?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Apr 28, 2016 Apr 28, 2016

Debug information on our dev and test sites on each page.  I can't open to all IPs, so need the CF server to see the CGI.remote_addr as my actual PC ip address so that I get debug information while others do not.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Apr 28, 2016 Apr 28, 2016

Right I see, what did you try with the remoteIpValue option?

Was it along the lines of:

<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" remoteIpHeader="X-Forwarded-For" protocolHeaderHttpsValue="https" />

I assume after the changes you restarted both IIS and CF?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Apr 28, 2016 Apr 28, 2016

yes, that was exactly what I used and  I did restart both.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Apr 29, 2019 Apr 29, 2019
LATEST

I realize this an older thread, but in case someone else may come across it looking for info on using the Tomcat remoteipvalve with CF, I wanted to offer some thoughts and ask a question:

Varzil, as for why the remoteipvalve did not work, can you tell us why you used remoteIpHeader="X-Forwarded-For", when you indicated in your earlier messages here that the header was "x_forwarded_for"? The difference between dash and underscore would be significant.

I can report that I have used this same approach and gotten the user's IP as forwarded by CloudFlare, which uses CF-Connecting-IP as the header. And rather than all those attributes (which may have value for some), I got by with just this:

<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="CF-Connecting-IP" />

placed in the server.xml (in cfusion/runtime/conf), and implemented either within the engine or host xml elements (for those who may find this and need to know more). Indeed, the remoteipvalve attributres are documented here:

RemoteIpValve (Apache Tomcat 8.5.40 API Documentation)

Hope that helps someone, and Varzil, if you may still have your setup to check things out, it would be interesting to hear if it may help you.


/Charlie (troubleshooter, carehart. org)
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources