Uploaded image for project: 'Cloud Enablement'
  1. Cloud Enablement
  2. CLOUD-2049

[EAP6] access log sometimes does not log forwarded-for addresses, as ordering of global valves is undefined on EAP6

    XMLWordPrintable

Details

    • Bug
    • Resolution: Obsolete
    • Major
    • None
    • EAP64 1.6.0.GA
    • EAP6, Upstream

    Description

      An EAP6 deployment with ENABLE_ACCESS_LOG=true configures the following valves:

      <valve name="remoteIp" module="org.jboss.as.web" class-name="org.apache.catalina.valves.RemoteIpValve">
                <param param-name="remoteIpHeader" param-value="X-Forwarded-For"/>
                <param param-name="protocolHeader" param-value="X-Forwarded-Proto"/>
            </valve>
            <valve name="accessLog" module="org.jboss.openshift" class-name="org.jboss.openshift.valves.StdoutAccessLogValve">
                <param param-name="pattern" param-value="%h %l %u %t %{X-Forwarded-Host}i &quot;%r&quot; %s %b"/>
            </valve>

      Usually this causes the StdoutAccessLogValve to log the forwarded-for IP addresses in the access log, however, in some runs, the router IP address is logged instead on every request.

      The problem seems to be that the ordering of the global valves is not defined in EAP6, so sometimes the StdoutAccessLogValve is configured before the RemoteIpValve valve (See https://access.redhat.com/solutions/711483 )

      Attachments

        Issue Links

          blocks

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) CLOUD-2054 [JDV][SSO][JDG65][JDG71] Make accessLog enabled iff ENABLE_ACCESS_LOG=true

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          relates to

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) CLOUD-2024 [EAP6] Enable RemoteIPValve by default

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              wdecoste1@redhat.com William Decoste (Inactive)
              maschmid@redhat.com Marek Schmidt
              Marek Schmidt Marek Schmidt
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: