How to set the property requestAttributesEnabled for AccessLogValve in Apache Tomcat, in a spring-boot application?

Question

We have a standalone spring-boot application, where we want to set access log pattern such that

• X-forwarded-for header exists in request: It should be included in the logs as the first field
• X-forwarded-for header DOESN'T exists in request: It should be replaced by remote ip address

When we run our application with the following settings, we only get remote ip address

server.tomcat.accesslog.directory=<path_to_log_director>
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b
server.tomcat.accesslog.prefix=access_log
server.tomcat.accesslog.suffix=.log

eg:

192.168.25.265 - - - [12/Sep/2016:10:20:56 +0200] "GET /myapp HTTP/1.1" 200 125922

We also tried to set property server.tomcat.accesslog.pattern to

%h %{X-Forwarded-For}i %l %u %t "%r" %s %b

then we get both remote ip address and X-forwarded-for header value.

eg:

192.168.25.265 192.168.21.65 - - - [12/Sep/2016:10:20:56 +0200] "GET /myapp HTTP/1.1" 200 125922

However, based on the link https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html, tomcat supports this requirement to include remote ip address when x-forwarded-for doesn't exist. This can be achieved by adding the property 'requestAttributesEnabled'

We tried adding the property server.tomcat.accesslog.requestAttributesEnabled but no effect took place.

It doesn't appear to be implemented since it's not present here: http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html

We implemented a workaround using an implementation of EmbeddedServletContainerCustomizer, as mentioned in How do I configure the location and name of tomcat access log in spring-boot?, where we added:

accessLogValve.setRequestAttributesEnabled(true);

and it worked as expected.

However we would prefer to be able to set the requestAttributesEnabled as a configuration property through spring-boot, like:

server.tomcat.accesslog.requestAttributesEnabled=true

rather than have the need to use this customizer in all our services.

Is there a better solution to this problem, is there another property to be used, or is it a feature that can be expected to be delivered in the near future?

Answer 1

You are right, this property isn't directly exposed and what you've done is the recommended approach. Having said that, I've created #7367 to discuss whether or not we should add that one as a built-in property. Please watch that issue for further updates. Thanks!