WebLogic, OHS, and X-Forwarded- For

In our environment we run a number of WebLogic based applications behind a Load Balancer and require the Client IPs to show up in our access logs. This is accomplished in different ways depending on the applications. Our first set up is Grails running through WLS. In this case access logging is being handled through the managed server. To achieve this go to your WLS console and navigate to Environment/Servers. There pick the server that you are making the change for. From there pick the 'Logging' tab at the top and select 'HTTP' as the secondary tab. Open the Advanced options at the bottom of your page. The Format needs to be changed from Common, to Extended and at the end of the 'Extended Logging Format Fields' you will need to add the text 'cs(X-Forwarded-For)' to the end. When done it will look somewhat like this:

Hit the Save button o the bottom. Once the change is applied it will not take effect until you restart your managed server.


When we attempted to do the same in a WebLogic environment running Oracle HTTP Server this did not work. In that case it is OHS itself that is capturing the access data. To achieve the appropriate logging there we went to the EM page and clicked on our OHS instance. For the Oracle HTTP Server drop down at the top we chose the Administration>Log Configuration option. On this page press the 'Manage Log Formats' button under the Access Log section. In this page you will be presented with the current log formats, common is the default. Choose the format you want to use, or create your own, and add '%{X-Forwarded-For}i' to it where you would like to see it. For instance if you wanted it at the front of the common logging format you would end up with the following:

     %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b 

Hit Ok on this page and if you are still using the common logging format hit apply. If you made your changes to one of the other formats then select your log, hit the edit button, and change the log format in the drop down. Hit ok to leave this box and then apply on the next page. Whichever decision you made , either the default or another logging format, you will have to restart your OHS server when done.