Cybersecurity
DevOps Cloud
IT Operations Cloud
# /opt/novell/nids/lib/webapp/WEB-INF/web.xml
<!-- ================================================= Neil - rewrite XFF header to IP Address - LB IP address is 149.44.167.103 ================================================== -->
<filter>
<filter-name>RemoteIpFilter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
<init-param>
<param-name>internalProxies</param-name>
<param-value>149\.44\.167\.103</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>RemoteIpFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
GET /nidp/ HTTP/1.1
Host: nam41sba.lab.novell.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Forwarded-For: 2.2.2.2
Connection: keep-alive
String sIPAddress = (String)request.getRemoteAddr();
out.println("************************ LOGIN.JSP Source IP Address: " sIPAddress);
<amLogEntry> 2015-08-24T17:48:22Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: ajp-bio-127.0.0.1-9019-exec-3
****** HttpServletRequest Information:
Method: POST
Scheme: https
Context Path: /nidp
Servlet Path: /app
Query String: sid=0&sid=0
Path Info: /login
Server Name: nam41sba.lab.novell.com
Server Port: 443
Content Length: 57
Content Type: application/x-www-form-urlencoded
Auth Type: null
Request URL: https://nam41sba.lab.novell.com/nidp/app/login
Host IP Address: 147.2.35.57
Remote Client IP Address: 2.2.2.2
Cookie: (0 of 21): JSESSIONID, E16877A3EDE276C80F4E0249FDC8F2C9
Cookie: (1 of 21): __utma, 47136440.1622976940.1409914128.1438695959.1439985824.15
Cookie: (2 of 21): __utmz, 47136440.1409914128.1.1.utmcsr
:
Header: Name: x-forwarded-for, Value: 2.2.2.2
Header: Name: connection, Value: keep-alive
Session Id: 39B02761296FF6AFECC92824FA74403F
:
<amLogEntry> 2015-08-24T17:48:23Z INFO NIDS Application: Event Id: 3014666, Target: cn=basti,ou=sa,o=system, Sub-Target: 39B02761296FF6AFECC92824FA74403F, Note 1: Local, Note 2: Secure Name/Password - Form, Note 3: secure/name/password/uri, Numeric 1: 0, Data: 2.2.2.2 </amLogEntry>
[Tue, 24 Aug 2015 17:48:24 0000] [Novell Access Manager\nidp]: AMDEVICEID#DB7471BE99DE2C40: AMAUTHID#6749352DD9BA4274EEE5ADFFA687E8DD: User session was authenticated: [cn=basti,o=novell]. Authentication Type: [Local] Authenticating Entity Name: [Secure Name/Password - Form] Contract Class or Method Name: [secure/name/password/uri] Source IP Address: [2.2.2.2]