To record the actual client's IP address to the trace log, enable
X-Forwarded-*
handling in both the intermediate HTTP server and the
PingDirectory server.
By default, when a PingDirectory server is sitting behind an intermediate HTTP server, such as a load balancer, a reverse proxy, or a cache, it logs incoming requests as originating with the intermediate HTTP server instead of the client that sent the request.
When you set the use-forwarded-headers
property and enable an HTTP connection
handler to use Forwarded
or X-Forwarded-*
headers,
many intermediate HTTP servers add information about the original request that would
otherwise be lost.
If use-forwarded-headers
is set to true
, the server uses the
client IP address and port information in the Forwarded
or
X-Forwarded-*
headers instead of the address and port of the entity
that's sending the request (the load balancer). This client address information shows up
in logs, such as in the from field of the HTTP REQUEST and
HTTP RESPONSE messages.
If both the Forwarded
and X-Forwarded-*
headers are included
in the request, the Forwarded
header takes precedence. The
X-Forwarded-Prefix
header only overrides the context path for
HTTP servlet extensions, not for web application extensions.