Details
-
Suggestion
-
Resolution: Won't Do
-
None
-
None
Description
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
Problem
JIRA access logging is not able to log client IPs when a proxy is place. Load balancers and reverse proxy devices commonly use the "x-forwarded-for" HTTP header to enable logging of the actual visitory IP address rather than the proxy IP address.
Suggested Solution
Enable configuration of JIRA to log the IP address from the "x-forwarded-for" header to the access logs.
Workaround
Customers have reported that modifying the log4j configuration of JIRA is not a viable workaround. Fortunately, this can be achieved using the access logs that are enabled by default in the Tomcat container that ships with JIRA.
- Edit the file JIRA_INSTALL_DIR/conf/server.xml
- Insert this line before the line with "AccessLogValve":
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="PROXY_IP_ADDRESS" />
Escape the "." characters in PROXY_IP_ADDRESS with a backlash. Example: internalProxies="1\.1\.1\.8"
- Configure AccessLogValve to accept the substituted IP from RemoteIpValve by adding the requestAttributesEnabled attribute to the AccessLogValve:
<Valve className="org.apache.catalina.valves.AccessLogValve" requestAttributesEnabled="true" ... EXISTING_ATTRIBUTES ... />
For full details see the Tomcat RemoteIpValve documentation.
Attachments
Issue Links
- is related to
-
- Gathering Interest
- relates to
-
- Closed