Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-58563

Enable use of x-forwarded-for to log browser IP addresses

XMLWordPrintable

    • 1
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for Confluence Server.

      Problem

      Confluence access logging is not able to log client IPs when a proxy is place. Load balancers and reverse proxy devices commonly use the "x-forwarded-for" HTTP header to enable logging of the actual visitor IP address rather than the proxy IP address.

      Suggested Solution

      Enable configuration of Confluence to log the IP address from the "x-forwarded-for" header to the access logs.

      Workaround

      Customers have reported that modifying the log4j configuration of Confluence is not a viable workaround. Fortunately, this can be achieved using the access logs that are enabled by default in the Tomcat container that ships with Confluence.

      1. Edit the file CONFLUENCE_INSTALL_DIR/conf/server.xml
      2. Insert this line before the line with "AccessLogValve": 
        <Valve
	className="org.apache.catalina.valves.RemoteIpValve"
	internalProxies="PROXY_IP_ADDRESS" />
        • Escape the "." characters in PROXY_IP_ADDRESS with a backlash. Example: internalProxies="1\.1\.1\.8"
      3. Configure AccessLogValve to accept the substituted IP from RemoteIpValve by adding the requestAttributesEnabled attribute to the AccessLogValve: 
        <Valve className="org.apache.catalina.valves.AccessLogValve"
    requestAttributesEnabled="true"
    ... EXISTING_ATTRIBUTES ...
/>

      For full details see the Tomcat RemoteIpValve documentation.

            [CONFSERVER-58563] Enable use of x-forwarded-for to log browser IP addresses

            Gonchik Tsymzhitov added a comment -

            it will be nice, and it will reduce number reconfigurations

            Gonchik Tsymzhitov added a comment - it will be nice, and it will reduce number reconfigurations

              Unassigned Unassigned
              wlintz Wade Lintz (Inactive)
              Votes:
              17 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: