Why can't I access the X-Forwarded-For header in my Java Spring app?

Issue

The X-Forwarded-For header, which is documented in the Dev Center article on HTTP Routing is populated for all requests. But the Spring framework will strip this header and use it to configure Tomcat's RemoteIpValve. This is mentioned, very briefly, in the Spring Boot docs under the section Use behind a front-end proxy server.

Resolution

To access the remote IP address, you can disable the server.use-forward-headers property by adding this configuration to your application.properties:

server.use-forward-headers=false

Or if you prefer to leave the Spring configuration with it's defaults, you can access the remote IP address from the underlying Servlet request in your Controller method. For example:

HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
request.getRemoteAddr(); // the value from X-Forwarded-For

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support
Terms of Service Privacy Cookies © 2018 Salesforce.com