Use dsconfig or the administrative console to configure PingAuthorize Server to get traffic through a load balancer and to record the actual client's IP address.
To record the actual client's IP address to the trace log, enable
X-Forwarded-*
handling in both the intermediate HTTP server and the
PingAuthorize Server.
By default, when a PingAuthorize Server is sitting behind an intermediate HTTP server, such as a load balancer, a reverse proxy, or a cache, it logs incoming requests as originating with the intermediate HTTP server instead of the client that sent the request.
When you set the use-forwarded-headers
property and enable an HTTP
connection handler to use Forwarded
or X-Forwarded-*
headers, many intermediate HTTP servers add information about the original request that
would otherwise be lost.
If use-forwarded-headers
is set to true
, the server
uses the client IP address and port information in the Forwarded
or
X-Forwarded-*
headers instead of the address and port of the entity
that's sending the request (the load balancer). This client address information shows up
in logs, such as in the from field of the HTTP REQUEST and
HTTP RESPONSE messages.
If both the Forwarded
and X-Forwarded-*
headers are
included in the request, the Forwarded
header takes precedence. The
X-Forwarded-Prefix
header only overrides the context path for
HTTP servlet extensions, not for web application extensions.