How-To Configure an On-Premises Contrast installation to log the agent source IP addresses

  • Updated


Configure your On-Premises Contrast UI Server to include the IP addresses of individual servers on which Contrast agents are running, as opposed to (the default behaviour) of logging the IP address of any proxies or load balancers that reside in front of the Contrast Server.


When Contrast agent traffic is relayed to the Contrast Server, it is normal for the device relaying the traffic to add its own IP address to an X-Forwarded-For header in each request.

For example, such a header may look like this:


where, given well-behaved client and proxies, the rightmost IP address is the IP address of the most recent proxy and the leftmost IP address is the IP address of the originating client.

By default, the embedded Tomcat server used in the on-premises Contrast UI will log the IP of the most recent proxy in the Access Log file ($CONTRAST_HOME/logs/access_log.log), but it can be configured to strip out known trusted proxy IP addresses to leave only the source IP of the client (the server running the application being instrumented by a Contrast agent).


First determine the IP address(es) of any proxies or load balancers that relay agent traffic to the Contrast Server.

With these IP addresses in hand, edit the $CONTRAST_HOME/data/conf/ file to add (or edit if the entry already exists) the following:

remote.ip.valve.trusted.proxies=<ip address of proxy1>|<ip address of proxy2>|etc

Restart the Contrast Server to allow the changes to be picked up.

The access log file should now show agent traffic with the IP address of only the client shown, for example: - - [09/Nov/2023:14:48:32 -0500] "POST /Contrast/agents/v1.0/routes/UmlnaHRIZXJl/QzpcVXNlcnNcQWRtaW5pc3RyYXRvclxEb2N1bWVudHNcV2ViZ29hdDIwMjNc/dW5rbm93bg/amF2YQ/V2ViR29hdDIwMjM/observed HTTP/1.1" 204 - "-" "ContrastJavaAgent/5.0.0"

Where is the IP address of the client.



Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request