Tomcat RemoteIpValve with IIS 7 via ARR

StackOverflow https://stackoverflow.com/questions/19171286

  •  30-06-2022
  •  | 
  •  

Question

I'm trying to setup IIS 7.5 as reverse proxy to connect to Tomcat 7 via ARR 3.

For some reason when IIS forwards the request, the x-forwarded-for header contains the remote port, so instead of showing something like: 123.124.125.126 I see 123.124.125.126:54321

Unfortunately that does not work with RemoteIpValve, which expects the IP address only.

Is there a way to remove the port from IIS? or in RemoteIpValve?

Update: I tried running the command below and I can see that it updated applicationHost.config but I still see the port number (restarted IIS):

appcmd.exe set config -section:system.webServer/proxy /includePortInXForwardedFor:"false" /commit:apphost

Thanks!

Was it helpful?

Solution

I ended up using the following workaround:

On IIS, in %System32%/inetsrv/config/applicationHost.config I added the following snippet at system.webServer/rewrite/globalRules/rule [name=ARR*]:

<severVariables>
  <set name="HTTP_X_REMOTE_ADDR" value="{REMOTE_ADDR}" />
</severVariables>

Then I specified that name to the RemoteIpValve in Tomcat's server.xml

<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-remote-addr" />

To use the newly added header instead of X-Forwarded-For

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top