To record the actual client's IP address to the trace log, enable
X-Forwarded-* handling in both the intermediate HTTP server and the
By default, when a PingDirectory server is sitting behind an intermediate HTTP server, such as a load balancer, a reverse proxy, or a cache, it logs incoming requests as originating with the intermediate HTTP server instead of the client that sent the request.
When you set the
use-forwarded-headers property and enable an HTTP connection
handler to use
many intermediate HTTP servers add information about the original request that would
otherwise be lost.
use-forwarded-headers is set to
true, the server uses the
client IP address and port information in the
X-Forwarded-* headers instead of the address and port of the entity
that's sending the request (the load balancer). This client address information shows up
in logs, such as in the from field of the HTTP REQUEST and
HTTP RESPONSE messages.
If both the
X-Forwarded-* headers are included
in the request, the
Forwarded header takes precedence. The
X-Forwarded-Prefix header only overrides the context path for
HTTP servlet extensions, not for web application extensions.