Uploaded image for project: 'Cloud Enablement'
  1. Cloud Enablement
  2. CLOUD-2049

[EAP6] access log sometimes does not log forwarded-for addresses, as ordering of global valves is undefined on EAP6

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Major Major
    • None
    • EAP64 1.6.0.GA
    • EAP6, Upstream

      An EAP6 deployment with ENABLE_ACCESS_LOG=true configures the following valves:

      <valve name="remoteIp" module="org.jboss.as.web" class-name="org.apache.catalina.valves.RemoteIpValve">
                      <param param-name="remoteIpHeader" param-value="X-Forwarded-For"/>
                      <param param-name="protocolHeader" param-value="X-Forwarded-Proto"/>
                  </valve>
                  <valve name="accessLog" module="org.jboss.openshift" class-name="org.jboss.openshift.valves.StdoutAccessLogValve">
                      <param param-name="pattern" param-value="%h %l %u %t %{X-Forwarded-Host}i &quot;%r&quot; %s %b"/>
                  </valve>
      

      Usually this causes the StdoutAccessLogValve to log the forwarded-for IP addresses in the access log, however, in some runs, the router IP address is logged instead on every request.

      The problem seems to be that the ordering of the global valves is not defined in EAP6, so sometimes the StdoutAccessLogValve is configured before the RemoteIpValve valve (See https://access.redhat.com/solutions/711483 )

              wdecoste1@redhat.com William Decoste (Inactive)
              maschmid@redhat.com Marek Schmidt
              Marek Schmidt Marek Schmidt
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: