Support Originating IP discovery in Access Logging

[mbhegde-orcl]

Environment Details

• Helidon Version: 3.2.7
• Helidon SE or Helidon MP: MP
• JDK version: 17
• OS: Does not matter, but Linux running on K8s
• Docker version (if applicable): OCI OKE

Issue type

Feature request

---

Problem Description

%h directive in Helidon access log library, apparently does print the remote Peer IP address.

    // HostLogEntry class
    @Override
    protected String doApply(AccessLogContext context) {
        String remoteAddress = context.serverRequest().remotePeer().host();
        return (null == remoteAddress) ? NOT_AVAILABLE : remoteAddress;
    }

Ideally there should be a way to apply X-Forwarded-For discovery rules, and log the originating IP address as seen by the load balancer / proxy.

Misc:

Helidon server already has requested URI discovery, but apparently it does not inspect the X-Forwarded-For for originating IP, nor is it used by access logs. Is it possible to reuse the same logic to inspect X-Forwarded-For?

[tjquinno]

@mbhegde-orcl Thanks for the issue.

You mentioned in your description:

Helidon server already has requested URI discovery, but apparently it does not inspect the X-Forwarded-For for originating IP, nor is it used by access logs. Is it possible to reuse the same logic to inspect X-Forwarded-For?

Do you have a test case that shows the requested URI feature not working correctly with the X-Forwarded-* headers? If so, please share it.

Because of the security implications users need to set up the requested URI behavior (either programmatically or using configuration) for the feature to work. https://helidon.io/docs/v3/se/webserver#_requested_uri_discovery We have tests but there are also quite a few combinations and we might have missed some.

Or is your point only about the access log usage (or non-usage) of requested URI?

[tjquinno]

@mbhegde-orcl

We have not heard any clarification about whether you were asking about the request URI feature itself not working or just exposing the results of its processing in the access log.

For the access logging, you can already customize the access log formatting to include whatever headers you want. So you could add a formatting element like this

%{X-Forwarded-For}i

Because it seems you can accomplish what you want using this feature, we'll close this issue. Please reopen it if in fact you have a test case that shows the requested URI feature itself not working.