x-forwarded-for header not passed by AWS Application Load Balancer

Question

My tomcat application is not receiving X-Forwarded-For header from AWS Application load balancer. The load balancer is configured to offload SSL and connects with the tomcat application over HTTP. I am receiving other headers such as x-forwarded-proto, x-forwarded-port, x-amzn-trace-id. I am trying to find the client ip address but now stuck with it. I have also checked all the headers that I am receiving to find out the client ip address but it's just not there. Can anyone please help me?

Answer 1

This could be related to the tomcat configurations. Check whether you got following configs in tomcat to handle both X-Forwarded-For and X-Forwarded-proto headers

<filter>
    <filter-name>RemoteIpFilter</filter-name>
    <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
    <init-param>
      <param-name>protocolHeader</param-name>
      <param-value>x-forwarded-proto</param-value>
    </init-param>
  </filter>

  <filter-mapping>
    <filter-name>RemoteIpFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>

Here's the configuration reference :https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Basic_configuration_to_handle_'x-forwarded-for'and'x-forwarded-proto'

You can find the configuration file in either $CATALINA_BASE/conf/web.xml or application's WEB-INF/web.xml

Tomcat provides a number of Filters which may be configured for use with all web applications using $CATALINA_BASE/conf/web.xml or may be configured for individual web applications by configuring them in the application's WEB-INF/web.xml.