Issue
After upgrading to Semarchy xDM v2023.1.3 or later, users may experience connection problems when the application is deployed behind:
- A load balancer
- A reverse proxy
- A forward proxy
Typical symptoms include:
- Application not accessible through the proxy URL
- Incorrect redirections (HTTP/HTTPS issues)
- Client IP address not properly detected
- General connectivity failures
Cause
Starting with Semarchy xDM v2023.1.3, forwarded HTTP headers are no longer trusted by default for security reasons.
Previously, headers such as the following were processed automatically:
- X-Forwarded-For
- X-Forwarded-Proto
- X-Forwarded-Host
This behavior was changed as part of a security enhancement.
When Semarchy is deployed behind a load balancer or proxy that forwards the real client IP and protocol using these headers, the application will no longer interpret them unless explicitly allowed. This results in connection or redirection issues.
For more details, please refer to the:
Solution
To restore the previous behavior and allow forwarded headers to be processed, add the following JVM option to the Tomcat (Catalina) configuration:
-DallowXForwardedHeaders=true
Steps:
- Locate your Tomcat configuration.
- Edit the CATALINA_OPTS (or equivalent JVM options configuration).
- Add the option:
  -DallowXForwardedHeaders=true
  For example:
  CATALINA_OPTS="$CATALINA_OPTS -DallowXForwardedHeaders=true"
- Restart the Semarchy application server.
After restarting, forwarded HTTP headers will be accepted again, and connectivity through the load balancer or proxy should function correctly.
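The general reason forwarded headers are not safe to trust from arbitrary senders, as an added example that is not Semarchy code and does not describe how xDM processes these headers: the sketch resolves a client IP from X-Forwarded-For only when the TCP peer is a known proxy. The trusted networks, sample addresses and function names are assumptions made for illustration.

```python
import ipaddress
from typing import Optional

# Constructed sample: networks where the load balancers / reverse proxies live.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def is_trusted(addr: str) -> bool:
    """True if addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_client_ip(peer_ip: str, x_forwarded_for: Optional[str]) -> str:
    """Return the address to treat as the client.

    peer_ip is the TCP peer of the connection; x_forwarded_for is the raw
    header value (comma-separated; each proxy appends the peer it saw).
    """
    # Connection from an untrusted peer: the header is fully client-controlled,
    # so it is ignored and the TCP peer is used.
    if not x_forwarded_for or not is_trusted(peer_ip):
        return peer_ip
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Walk from the hop nearest to us towards the client. The first entry that
    # is not one of our proxies is the last value a trusted proxy vouched for;
    # anything further left could have been supplied by the client.
    for hop in reversed(hops):
        if not is_trusted(hop):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return peer_ip  # malformed entry: fall back to the TCP peer
    # Every hop was a trusted proxy (or the list was empty).
    return hops[0] if hops else peer_ip
```

The same reasoning applies to X-Forwarded-Proto and X-Forwarded-Host: they are only meaningful when the proxy in front of the application sets or overwrites them.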