Fetching Client IP in WebLogic Server Behind Load Balancer
Load Balancers and Client IP Addresses
load balancer often hides client Ip from the application. When a load balancer is used, application and WebLogic logs load balancer’s IP instead of the user’s IP. Most of the load balancers support HTTP Header X-Forwarded-For. This header often stores the user’s IP. Weblogic can be configured to read IP addresses from this HTTP header. If IP is not being stored in X-Forwarded-For we have to check on which HTTP Header Load balancer is storing IP for the client. Then instead of X-Forwarded-For use that HTTP Header.
X-Forwarded-For
Steps to Configure.
Open http://server:port/console and login.
Go to “Environment > Servers > {Servers_Config} > Logging > HTTP”.
Click “Lock & Edit”.
Select the checkbox for “HTTP access log file enabled”.
Save the changes.
Expand the “Advanced” section.
Change the Format to Extended.
Add cs(X-Forwarded-For) to the Extended Logging Format Fields.
Set the Log File Buffer to 0. (This will write entires immediately to the log file.)
Save the changes.
Click the “Release Configuration” button.
Restart the web server.
WebLogic plugin Enabled
Requests to a WebLogic Server (WLS) usually go through a web server or a load balancer which serves as a proxy for the client requests. When the WLS requests are “front-ended” by either a web server or a load-balancer, the requests are handled via a plugin. It is important for WLS to be aware of the proxy so as to handle the request correctly. Informing the Weblogic Server of the proxy, and therefore the presence of the plugin is achieved using the WLS setting “WebLogic plugin Enabled.”
Secondly, we must enable we “WebLogic plugin Enabled.” There are different ways to enable WebLogic plugin. We can use any one way depending on the architecture of these levels. The levels are:
The domain level
The cluster level
The individual managed server level
To configure this you need to login to WLS Administration Console as an Administrator. Within the console, first, click on “Lock and Edit” to acquire a domain edit lock. This step is required if you are running WLS in production mode.
To configure this setting at the domain level, perform the following steps:
In the “Domain Structure” pane on the left side, click on the name of the domain — In this case IDMDomain
Within the “Settings for ” page, navigate to the “Web Applications” sub-tab under the “Configuration” main tab
Scroll down until you see a check box titled “WebLogic Plugin Enabled”
Make sure the checkbox is checked and click “Save”
To configure this setting at the cluster level, perform the following steps:
In the “Domain Structure” pane on the left side, click on “+” icon against “Environment” and then click on “Clusters”
In the “Summary of Clusters” page, click on the cluster you want to enable this setting for, e.g., oam_cluster
In the “Settings for <cluster_name>” page, expand “Advanced” and make sure the box against “WebLogic plugin Enabled” is checked and click “Save”
To configure this setting at the managed server level, perform the following steps:
In the “Domain Structure” pane on the left side, click on “+” icon against “Environment” and then click on “Servers”
In the “Summary of Servers” page, click on the server you want to enable this setting for, e.g., wls_oam1
In the “Settings for <server_name>” page, expand “Advanced” and make sure the box against “WebLogic plugin Enabled” is checked and click “Save”
Once the property has been configured to the desired value, and at the desired scope (domain, cluster, or server), click on “Activate Changes” to commit the configuration change.
Restart the required servers.
Client IP Sample Application:
Code :
|
|
Note : There is the possibility that load balancer or reverse proxy server doesn’t forward Ip in X-Forwarded-For Header , then you have to find that header key that holds the IP of the client. If you find that please configure it on WebLogic the samely as you have done in X-Forwarded-For Header.
To find headers details use the following code :
|
|