How to Log X-Forwarded-For HTTP Header on Glassfish Application Server

Yesterday i was talking with my friend, on how Glassfish Application Server able to log the http request’s original user ip. Because my Glassfish is behind Apache ModProxy, so what is logging om my Glassfish’s access log file is my proxy’s ip address.

My apache modproxy ip is 192.168.56.102, while my original ip is 192.168.56.101. So im planning to see “192.168.56.101″ on my Glassfish access log instead of “192.168.56.102″ which is my proxy’s ip.

This is my Access Logging screenshot,

But before you do that, please make sure, you checked the Access Logging checkbox

And this is the result of my Glassfish’s Access Log File, which is located at, <glassfish installation folder>/glassfish/domains/domain1/logs/access

"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:40:11 +0700" "GET // HTTP/1.1" 200 563
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:40:12 +0700" "GET // HTTP/1.1" 200 563
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:40:12 +0700" "GET // HTTP/1.1" 200 563
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:40:13 +0700" "GET // HTTP/1.1" 200 563
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:40:13 +0700" "GET // HTTP/1.1" 200 563
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:40:13 +0700" "GET // HTTP/1.1" 200 563
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:40:13 +0700" "GET // HTTP/1.1" 200 563
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:40:13 +0700" "GET // HTTP/1.1" 200 563

As you can see, what is written on my access log is my proxy ip address instead of my original address.

After spending some time researching, i found out that Apache ModProxy have an “X-Forwarded-For” http header which contain the original user’s ip address. So this is my new Access Logging Format, you can see me logging “X-Forwarded-For” header on the end of my new logging format.

%client.name% %auth-user-name% %datetime% %request% %status% %response.length% %header.X-Forwarded-For%

And this is my lates access log file, you can see my original ip at the end of every access log.

"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:51:56 +0700" "GET // HTTP/1.1" 200 563 "192.168.56.101"
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:51:56 +0700" "GET // HTTP/1.1" 200 563 "192.168.56.101"
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:51:56 +0700" "GET // HTTP/1.1" 200 563 "192.168.56.101"
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:51:56 +0700" "GET // HTTP/1.1" 200 563 "192.168.56.101"
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:51:56 +0700" "GET // HTTP/1.1" 200 563 "192.168.56.101"
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:51:57 +0700" "GET // HTTP/1.1" 200 563 "192.168.56.101"
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:51:57 +0700" "GET // HTTP/1.1" 200 563 "192.168.56.101"
"192.168.56.102" "NULL-AUTH-USER" "20/Oct/2013:15:52:05 +0700" "GET // HTTP/1.1" 200 563 "192.168.56.101"

Hope it’d help others, have fun ;-)

Google+

No Comments

Leave a Comment

Please be polite. We appreciate that.
Your email address will not be published and required fields are marked


:-[ (B) (^) (P) (@) (O) (D) :-S ;-( (C) (&) :-$ (E) (~) (K) (I) (L) (8) :-O (T) (G) (F) :-( (H) :-) (*) :-D (N) (Y) :-P (U) (W) ;-)