0

We're attempting to identify where specific requests are coming from inside our Java application. We have changed the log files to include the IP address and we're using httpServletRequest.getRemoteAddr() to get that remote address.

When using xinetd to forward external requests on port 443 to an internal port our application server is listening on (e.g. 8999), getRemoteAddr() always returns 127.0.0.1. If we remove xinetd from the stack, we get the correct address.

Note that the X-Forwarded-For header does not get populated either.

Is there any way to continue to use xinetd to port forward without it stripping out the requestor's IP address?

Our setup:

service https
{
    disable = no
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    port = 443
    protocol = tcp
    redirect = localhost 8999
    log_on_failure += USERID
}
Chris Williams

2 Answers

1

The short answer is no.

The long answer: your Java app sees just the xinetd server from localhost.

This cannot be done by xinetd alone. Use a proxy server to get the full features of headers, etc.

Apparently this is the same problem: tomcat6 behind xinetd - real client ip

Sacx
0

Your server stack may be buggy or outdated. On my server (3.19.0-41-generic 14.04.2-Ubuntu, xinetd 2.3.15 libwrap loadavg) xinetd does forward the needed header no problem. I would propose to upgrade the server stack. You can get the xinetd version with

xinetd -version

Also check if you have configured the RemoteIpValve on Tomcat properly. For a configuration like yours, conf/server.xml should contain something like

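<Engine name="Catalina" defaultHost="localhost">
  <!-- Rewrites the request's remote address from the forwarded header,
       but only when the direct peer matches internalProxies. -->
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
    remoteIpProxiesHeader="x-forwarded-by"
    remoteIpHeader="x-forwarded-for"
    internalProxies="127\.0\.0\.1"
    protocolHeader="x-forwarded-proto" />
  <!-- ... existing Host elements ... -->
</Engine>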
h22
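
A simplified sketch, in plain Java, of the kind of resolution a valve configured as above performs: X-Forwarded-For is honoured only when the direct peer matches the internalProxies pattern, and the list is read right to left. This is an added example, not Tomcat's code or code from either answer; the class and method names are hypothetical and the sample addresses are constructed.

```java
import java.util.regex.Pattern;

public class ClientIpResolver {

    // Same pattern as internalProxies in the valve configuration above.
    static final Pattern INTERNAL_PROXIES = Pattern.compile("127\\.0\\.0\\.1");

    /**
     * @param remoteAddr    value of request.getRemoteAddr(), i.e. the direct TCP peer
     * @param xForwardedFor raw X-Forwarded-For header value, or null if absent
     * @return the address to record in the application log
     */
    static String resolve(String remoteAddr, String xForwardedFor) {
        // Honour the header only when the direct peer is a trusted proxy;
        // otherwise any client could claim an arbitrary source address.
        if (!INTERNAL_PROXIES.matcher(remoteAddr).matches()) {
            return remoteAddr;
        }
        // No header present: nothing better than the peer address is known.
        if (xForwardedFor == null || xForwardedFor.trim().isEmpty()) {
            return remoteAddr;
        }
        // Walk right to left: the rightmost entries were appended by the
        // hops closest to this server. Skip internal proxies and stop at
        // the first address that is not one of them.
        String[] hops = xForwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !INTERNAL_PROXIES.matcher(hop).matches()) {
                return hop;
            }
        }
        return remoteAddr; // every listed hop was an internal proxy
    }

    public static void main(String[] args) {
        // Constructed inputs using documentation address ranges.
        // 1. Local forwarder in front, header never populated (the question's case).
        System.out.println(resolve("127.0.0.1", null));
        // 2. Local HTTP proxy that appended the client address.
        System.out.println(resolve("127.0.0.1", "203.0.113.7"));
        // 3. Client-supplied leftmost value followed by proxy-appended hops.
        System.out.println(resolve("127.0.0.1", "198.51.100.9, 203.0.113.7, 127.0.0.1"));
        // 4. Direct external connection carrying its own header.
        System.out.println(resolve("198.51.100.9", "10.0.0.1"));
    }
}
```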