Load balancer + preserving IPs
I seem to have encountered a rather severe limitation of the mod_loadbalancer, and I'm hoping there is a workaround.
I have a SJSAS 8.1EE cluster fronted by Apache (also tried SJS WS6.1 too) with SJSAS's loadbalancer plugin.
It seems that the appserver instances are seeing the IP of the loadbalancer instead of the original client IP address (web browser).
Several apps we run require to check the IP of the client system (for authentication and other reasons), so this is kind of an issue given mod_loadbalancer is now replacing them with it's IP.
Previously I've used mod_jk with JBoss clustering, and there's no such problem because they intelligently use the AJP protocol, so IP's are preserved.
Surely this would be a common scenario for ppl using loadbalancers, so I'm wondering if there's any way around it such that the destination appserver sees the client's IP, even when going through the loadbalancer.
Another idea that comes to mind is the question of examining another HTTP tag (eg <X-forwarded-by>) to get the client's original IP.
Any ideas would be greatly appreciated!
[1160 byte] By [
tourtech] at [2007-11-13]
Thankyou !
That's pretty much what I was hoping to find as a solution.
I've noticed that when using Sun's Web server 6.1 with SJSAS EE 8.1, the header "Prxoy-IP" is added to the HTTP request, presumably by their loadbalancer plugin for ther webserver.
That's great! But... the same is not true when using their loadbalancer plugin with Apache. Apache would be my preferred choice of webserver, but I guess if that's not going to work we might try their webserver.
Hopefully they can fix their loadbalancer plugin for Apache to also submit the proxy-ip as does the plugin for SJSWS.
Thank you very much for the suggestion!
Follow-up...
As mentioned above, I didn't get the Proxy-ip header working with mod_loadbalancer + Apache2.
However, a solution is to get Apache to add another HTTP header (for example, Proxy-client-ip) to the http request to appserver, using mod_headers.
Then, in a similar way, just get the apps to examine this instead of HttpServletRequest.getRemoteAddr().
Just odd, because it seems that if I get Apache to add the header "Proxy-ip", mod_loadbalancer sees it and removes it from the request to the appserver. I'm guessing it's meant to add it in itself, but for some reason (in the Apache version of mod_loadbalancer provided by Sun), doesn't.
i believe i'm looking at the same issue. We have struts tags in our jsp's that are returning the incorrect client url from the loadbalancer. where i'm expecting a link with the url "https://mysite.com/", it's returning "http://mysite:443".
our configuration consists of a sun webserver (v6.1) with the lbplugin pointed to a cluster of two sun app servers (v8.1). the loadbalancer.xml is configured with the https-routing param set to false, meaning that ssl connections should be forwarded to the http port of the app servers.
the same problem (i believe) is documented elsewhere in sun's bug site.
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6269102
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6188932
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4814778
