Copy link to clipboard
Copied
Trying to get the actual ip address of a user with coldfusion sitting behind an F5 appliance. Researching I found the RemoteIpValve which can be placed in server.xml, but it does not seem to work on CF 11. Does anyone know of any tricks to getting this to work or does it not work at all in CF 11?
Thanks
We just use CGI.HTTP_X_Forwarded_For as it is available in the CGI scope. It will probably return multiple results in a comma delimited list. The first IP is usually the real IP
Try dumping the CGI scope OR GetHttpRequestData() to see if you can see it in there at all. The appliance may have to be configured to send the header correctly though.
Copy link to clipboard
Copied
We just use CGI.HTTP_X_Forwarded_For as it is available in the CGI scope. It will probably return multiple results in a comma delimited list. The first IP is usually the real IP
Try dumping the CGI scope OR GetHttpRequestData() to see if you can see it in there at all. The appliance may have to be configured to send the header correctly though.
Copy link to clipboard
Copied
Well, I can get the x_forwarded_for from the header right now. My biggest problem is not being able to set the debug ip addresses within CF Admin.
Copy link to clipboard
Copied
Not sure I understand. What is the exactly are you trying to achieve?
Copy link to clipboard
Copied
Debug information on our dev and test sites on each page. I can't open to all IPs, so need the CF server to see the CGI.remote_addr as my actual PC ip address so that I get debug information while others do not.
Copy link to clipboard
Copied
Right I see, what did you try with the remoteIpValue option?
Was it along the lines of:
<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" remoteIpHeader="X-Forwarded-For" protocolHeaderHttpsValue="https" />
I assume after the changes you restarted both IIS and CF?
Copy link to clipboard
Copied
yes, that was exactly what I used and I did restart both.
Copy link to clipboard
Copied
I realize this an older thread, but in case someone else may come across it looking for info on using the Tomcat remoteipvalve with CF, I wanted to offer some thoughts and ask a question:
Varzil, as for why the remoteipvalve did not work, can you tell us why you used remoteIpHeader="X-Forwarded-For", when you indicated in your earlier messages here that the header was "x_forwarded_for"? The difference between dash and underscore would be significant.
I can report that I have used this same approach and gotten the user's IP as forwarded by CloudFlare, which uses CF-Connecting-IP as the header. And rather than all those attributes (which may have value for some), I got by with just this:
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="CF-Connecting-IP" />
placed in the server.xml (in cfusion/runtime/conf), and implemented either within the engine or host xml elements (for those who may find this and need to know more). Indeed, the remoteipvalve attributres are documented here:
RemoteIpValve (Apache Tomcat 8.5.40 API Documentation)
Hope that helps someone, and Varzil, if you may still have your setup to check things out, it would be interesting to hear if it may help you.