Having a challenge configuring X-forwarding for multiple IP interface elastic load balancing. The service generates multiple load balancer IP addresses/interfaces and registers a DNS A record with all. I'm attempting to configure the RemoteIPValve x-forwarding on the JSS' and I've configured the "Enable Remote IP Valve" setting under Apache Tomcat Settings and edited the "server.xml" file on each JSS to include the RemoteIPValve element for internal and trusted proxies fields. However, the internal and trusted proxy addresses in the "server.xml" seem to only honor one IP address for a load balancer.
Example in server.xml:
<Valve
    className="org.apache.catalina.valves.RemoteIpValve"
    internalProxies="172.1.2.3"
    trustedProxies="172.1.2.3"
    remoteIpHeader="x-forwarded-for"
    remoteIpProxiesHeader="x-forwarded-by"
    protocolHeader="x-forwarded-proto"/>
DNS A record:
JSS.hawks.com has address 172.1.2.3
JSS.hawks.com has address 172.4.5.6
Testing with this configuration works when a connected client comes from the load balancer IP address I've entered in server.xml (172.1.2.3), but if it connects from the other load balancer IP (172.4.5.6), it will not pull the original client IP from the header and update JSS accordingly.
Has anyone come across a format to represent multiple proxy entries (IP address sources) in this element or any other solution?
Running 9.62 on RHEL7 and using elastic load balancing services for a pool of JSS'.
Regards,
DJ
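
An added example, not part of the original post and not Tomcat's or the JSS's own code: a simplified Python model of how RemoteIpValve decides which address to report, showing why the single-address value above ignores the header for the second load balancer. It assumes the Tomcat version in use treats internalProxies and trustedProxies as one java.util.regex pattern that must match the whole address (as the Tomcat 7 and later documentation describes), so several proxies are written as an alternation; the function name, the BOTH value and the client addresses are constructed for illustration.

```python
import re

# Value from the post: matches only the first load balancer address.
SINGLE = "172.1.2.3"
# Assumed fix: regex alternation covering both addresses from the DNS A record,
# with dots escaped so they match literally.
BOTH = r"172\.1\.2\.3|172\.4\.5\.6"


def resolve_client_ip(peer_addr, xff_header, internal_proxies, trusted_proxies):
    """Simplified model of RemoteIpValve's remote-address handling.

    peer_addr  -- address of the TCP peer (the load balancer interface)
    xff_header -- value of the x-forwarded-for header
    Returns the address the application would record as the client.
    """
    internal = re.compile(internal_proxies)
    trusted = re.compile(trusted_proxies)

    def is_proxy(addr):
        # fullmatch mirrors Java's Matcher.matches(): the whole address must match.
        return bool(internal.fullmatch(addr) or trusted.fullmatch(addr))

    # The header is honoured only when the direct peer is a known proxy;
    # otherwise anyone reaching Tomcat directly could forge their address.
    if not is_proxy(peer_addr):
        return peer_addr

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk right to left: skip known proxies, stop at the first other address.
    # Entries further left were supplied by the client and are not trusted.
    for hop in reversed(hops):
        if not is_proxy(hop):
            return hop
    return peer_addr  # only proxies in the header: keep the peer address


if __name__ == "__main__":
    client = "203.0.113.10"  # constructed client address
    for label, pattern in (("single", SINGLE), ("both", BOTH)):
        for lb in ("172.1.2.3", "172.4.5.6"):
            seen = resolve_client_ip(lb, client, pattern, pattern)
            print(f"{label:6} via {lb}: recorded client = {seen}")
```

Under that assumption, the BOTH string is what would go into both the internalProxies and trustedProxies attributes in server.xml. Keep the pattern limited to the load balancer addresses, since any peer it matches is allowed to set the recorded client IP.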