By default, when a PingDirectory server is sitting behind an intermediate HTTP server, such as a load balancer, a reverse proxy, or a cache, it logs incoming requests as originating with the intermediate HTTP server instead of the client that sent the request.

When you set the use-forwarded-headers property and enable an HTTP connection handler to use Forwarded or X-Forwarded-* headers, many intermediate HTTP servers add information about the original request that would otherwise be lost.

If use-forwarded-headers is set to true, the server uses the client IP address and port information in the Forwarded or X-Forwarded-* headers instead of the address and port of the entity that's sending the request (the load balancer). This client address information shows up in logs, such as in the from field of the HTTP REQUEST and HTTP RESPONSE messages.


If both the Forwarded and X-Forwarded-* headers are included in the request, the Forwarded header takes precedence. The X-Forwarded-Prefix header only overrides the context path for HTTP servlet extensions, not for web application extensions.