Summary

Since all requests to Confluence nodes in Data Center come through the Load Balancer (LB) o an internal Proxy. Either way, Tomcat will log the LB/Proxy IP in the access logs by default. This limitation makes troubleshooting web requests in Data Center difficult. 

It is possible for Tomcat to log the value from X-Forwarded-For header sent by the load balancer via Tomcat's RemoteIpValve. Note this will add a minor overhead as Tomcat will have to parse all HTTP headers. 

Solution

1. Edit the file CONFLUENCE_INSTALL_DIR/conf/server.xml

2. Insert this line before the "AccessLogValve":

   <Valve className="org.apache.catalina.valves.RemoteIpValve"
   	internalProxies="PROXY_IP_ADDRESS" 
       remoteIpHeader="x-forwarded-for"
       protocolHeader="x-forwarded-proto"
       proxiesHeader="x-forwarded-by" 
   />

   By default, there are several internalProxies ranges allowed by default:

   • 10.0.0.0/8
   • 192.168.0.0/16
   • 169.254.0.0/16
   • 127.0.0.0/8
   • ::1

   For public IP addresses or different private ranges, you need to add an an internalProxies attribute that lists the load balancer/proxy IPs. 

   This needs to be specified as a regular expression, escaping the "." characters in PROXY_IP_ADDRESS with a backlash. Example: internalProxies="1\.1\.1\.8". 

3. Configure AccessLogValve to accept the substituted IP from RemoteIpValve by adding the requestAttributesEnabled attribute to the AccessLogValve:

   <Valve className="org.apache.catalina.valves.AccessLogValve"
       requestAttributesEnabled="true"
       ... EXISTING_ATTRIBUTES ...
   />

4. Restart Confluence.
5. Repeat the same process on each Confluence node (in a clustered environment).

Some additional references about this: 

• CONFSERVER-58563 - Getting issue details... STATUS
• How to log the client source IP in access logs for Jira Data Center