Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-22399

User Sessions page should read/show X-Forwarded-For HTTP header

XMLWordPrintable

    • 1
    • 7
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Currently if JIRA is running behind Apache or another proxy server, the "User Sessions" page will show only the IP address of the reverse proxy itself, not the user.

      this seems to be fixed in 6.0.6. However, haven't test this for any version prior to JIRA 6.0.6

        1. JRA-22399--JIRA-fronted-by-Apache-and-no-X-Header-Forward.png
          JRA-22399--JIRA-fronted-by-Apache-and-no-X-Header-Forward.png
          26 kB
        2. user-sessions-IP-fixed.JPG
          user-sessions-IP-fixed.JPG
          21 kB

          Form Name

            [JRASERVER-22399] User Sessions page should read/show X-Forwarded-For HTTP header

            Matt Zuba added a comment -

            Adding the RemoteIPValve (and adjusting the AccessLog valve) seems to have done the trick for me in 8.9.  Even though this page indicates it's for Datacenter only, it applies to Server as well, at least as of this comment: https://confluence.atlassian.com/jirakb/how-to-log-the-client-source-ip-in-access-logs-for-jira-data-center-978196913.html

            Matt Zuba added a comment - Adding the RemoteIPValve (and adjusting the AccessLog valve) seems to have done the trick for me in 8.9.  Even though this page indicates it's for Datacenter only, it applies to Server as well, at least as of this comment:  https://confluence.atlassian.com/jirakb/how-to-log-the-client-source-ip-in-access-logs-for-jira-data-center-978196913.html

            newrulez added a comment - - edited

            i searched through a lot of internet sites. here finally i found the solution with the valve config. thanks dude! working fine now with nginx!

            newrulez added a comment - - edited i searched through a lot of internet sites. here finally i found the solution with the valve config. thanks dude! working fine now with nginx!

            Mark Symons added a comment -

            I see the comment that indicates that there are still problems when using nginx. However, I can confirm that things look good with Apache & JIRA v6.0.8

            I have not tweaked server.xml to use RemoteIPValve.

            I attach a screenshot that shows behaviour with Apache. I have also compared what things look like when rinetd is used as a forwarder... a bug in rinetd means that JIRA will never be able to show the client IP.

            Mark Symons added a comment - I see the comment that indicates that there are still problems when using nginx. However, I can confirm that things look good with Apache & JIRA v6.0.8 I have not tweaked server.xml to use RemoteIPValve. I attach a screenshot that shows behaviour with Apache. I have also compared what things look like when rinetd is used as a forwarder... a bug in rinetd means that JIRA will never be able to show the client IP.

            Jacek Konieczny added a comment -

            I had to use the 'RemoteIpValve' with JIRA 6.0.8, so I would not say it is fixed.

            I use JIRA behind nginx with the following configuration for passing original request source:

            			proxy_pass              http://localhost:8080;
			proxy_set_header        X-Real-IP $remote_addr;
			proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header	X-Forwarded-Proto $scheme;
			proxy_set_header        Host $http_host;
			proxy_http_version 	1.1;

            Jacek Konieczny added a comment - I had to use the 'RemoteIpValve' with JIRA 6.0.8, so I would not say it is fixed. I use JIRA behind nginx with the following configuration for passing original request source: proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_http_version 1.1;

            Janet Albion (Inactive) added a comment -

            this seems to be fixed in 6.0.6. However, haven't test this for any version prior to JIRA 6.0.6

            Janet Albion (Inactive) added a comment - this seems to be fixed in 6.0.6. However, haven't test this for any version prior to JIRA 6.0.6

            Jonas Ingenerf added a comment -

            Thanks David! It works for JIRA 4.4.4.

            Jonas Ingenerf added a comment - Thanks David! It works for JIRA 4.4.4.

            David Yu added a comment -

            I've been testing RemoteIPValve

            This seems to work...modify your server.xml and add this Valve after the <Engine> tag:

                    <Engine name="Catalina" defaultHost="localhost">
 <Valve 
   className="org.apache.catalina.valves.RemoteIpValve"
   internalProxies="127\.0\.0\.1"
   remoteIpHeader="x-forwarded-for"
   remoteIpProxiesHeader="x-forwarded-by"
   protocolHeader="x-forwarded-proto"
   />
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

            David Yu added a comment - I've been testing RemoteIPValve This seems to work...modify your server.xml and add this Valve after the <Engine> tag: <Engine name= "Catalina" defaultHost= "localhost" > <Valve className= "org.apache.catalina.valves.RemoteIpValve" internalProxies= "127\.0\.0\.1" remoteIpHeader= "x-forwarded- for " remoteIpProxiesHeader= "x-forwarded-by" protocolHeader= "x-forwarded-proto" /> <Host name= "localhost" appBase= "webapps" unpackWARs= " true " autoDeploy= " true " >

            Sergey Markovich added a comment -

            +1

            Sergey Markovich added a comment - +1

            Mark Symons added a comment -

            +1 vote. I have a lot of user sessions where the user is logged as "Not available" and the inability to see the IP address means that I cannot see patterens... know if there is a problem or where the problem is originating. As it happens, there WAS a problem - someone was playing with JIRA CLI and managed to create scores of SOAP sessions. A fix to this issue would have told me the IP address (without any need to dig deep or look at any logs) and I could then have tracked down the culprit.

            Mark Symons added a comment - +1 vote. I have a lot of user sessions where the user is logged as "Not available" and the inability to see the IP address means that I cannot see patterens... know if there is a problem or where the problem is originating. As it happens, there WAS a problem - someone was playing with JIRA CLI and managed to create scores of SOAP sessions. A fix to this issue would have told me the IP address (without any need to dig deep or look at any logs) and I could then have tracked down the culprit.

            Deleted Account (Inactive) added a comment -

            bump ...

            Deleted Account (Inactive) added a comment - bump ...

              Unassigned Unassigned
              nmason Nick Mason
              Votes:
              52 Vote for this issue
              Watchers:
              38 Start watching this issue

                Created:
                Updated: