ProxyPass, ProxyReverse vs AJP

Asked 25/7, 2009 at 2:5 Answered 2/12, 2012 at 21:36

I currently have a Tomcat + Apache HTTP server setting to serve my Java servlet:

ProxyPass /myservice http://localhost:8080/myservice
ProxyPassRerverse /myservice http://localhost:8080/myservice

This is all fine except that myservice needs to know the client IP address, which always turns out to be 127.0.0.1 due to the proxy. Is there a solution to get the real IP address? Is AJP an option?

doGet(HttpServletRequest request, HttpServletResponse response){
    request.getRemoteAddr()
}

Rosas answered 25/7, 2009 at 2:5 Comment(0)

Do it like this:

in the apache config:

<Location /foo>
  ProxyPass ajp://localhost:8009/foo
  ProxyPassReverse ajp://localhost:8009/foo
</Location>

And then in your server.xml:

<Connector port="8009" 
           enableLookups="false" secure="true" URIEncoding="UTF-8"
           tomcatAuthentication="false"
           protocol="AJP/1.3" />

That should pass everything through. The AJP protocol passes the info, but http: doesn't.

You may not want secure="true", I use that because SSL is handled at the apache layer and I need tomcat to know that the connection should be considered a secure one.

Mclellan answered 25/7, 2009 at 2:47 Comment(6)

I have got client denied by server configuration: proxy:ajp://127.0.0.1:8009/tomcat error in the error.log I had to change the Proxy * setting from Deny all to Deny none in /etc/apache2/mods-enabled/proxy.conf Just mentioning here for future lookups. – Carmelocarmen 6/7, 2011 at 1:25

This helped me a lot. I was an idiot and put http instead of ajp...LOL! – Olatha 27/3, 2013 at 20:34

Please consider modifying your ProxyPassReverse setting, since this seems to be a common mistake according to humboldt.co.uk/2009/02/the-mystery-of-proxypassreverse.html – Nasty 15/4, 2013 at 1:43

@Jack: Your linked article is useful, but the address is broken. humboldt.co.uk/the-mystery-of-proxypassreverse seems to work. – Anthologize 26/9, 2014 at 2:38

Man, you made my day! Your response helped me twice. You're a genius. How did you acquire expertize in this field I may ask? – Oe 17/3, 2015 at 17:44

Is it possible to retrieve headers like X-FORWARDED-FOR or X-FORWARDED-HOST? – Oe 17/3, 2015 at 18:8

You can read the X-Forwarded-For in the request header.

From the Apache mod_proxy documentation:

When acting in a reverse-proxy mode (using the ProxyPass directive, for example), mod_proxy_http adds several request headers in order to pass information to the origin server. These headers are:

X-Forwarded-For: The IP address of the client.

X-Forwarded-Host: The original host requested by the client in the Host HTTP request header.

X-Forwarded-Server: The hostname of the proxy server.

Be careful when using these headers on the origin server, since they will contain more than one (comma-separated) value if the original request already contained one of these headers. For example, you can use %{X-Forwarded-For}i in the log format string of the origin server to log the original clients IP address, but you may get more than one address if the request passes through several proxies.

In your servlet, you would have:

doGet(HttpServletRequest request, HttpServletResponse response){
  request.getHeader("X-Forwarded-For")
}

Kreplach answered 2/12, 2012 at 21:36 Comment(1)

Caution: X-Forwarded_For vs X-Forwarded-For... Copy-pasting your code can be dangerous :) – Degroot 23/1, 2013 at 16:11

this is very simple:

<VirtualHost> 

 ServerName www.server.com

 redirect / http://www.server.com/foo

 ProxyRequests off
 ProxyPass / ajp://localhost:8009/

</VirtualHost>

Vicarage answered 13/12, 2010 at 8:25 Comment(0)

Recommended topics

Hot tags