Source IP with X-Forwarded-For

 

By default the Load balanced web servers will not use the Clients IP as the actual Source IP from which the request originates, instead – the load balancers IP Address is used.

As an administrator you might need to identify the clients IP for one or other monitoring requirement – this is easily achieve through the use of X-Forwarded-For headers.

Optionally you can configure your web server instead – to consider the X-Forwarded-For header as the Real IP – This is to prevent additional site changes for the X-Forwarded-For.

Program Awareness

An increasing amount of frameworks and applications are adapting to support X-Forwarded-For headers manipulation and is the preferred method of changing the source IP.

Snapt Configuration

X-Forwarded-For can be enabled in the UI per group that as required.

  • From the main menu navigate to Balancer->Group Management(Note: Or Balancer->Backend Management if Group Management is not used)

  • Click edit on the group you want to enable X-Forwarded-For 

  • From HTTP Options sub-menu set Force HTTP Close and Add X-Forwarded-For to On 

  • Reload Balancer

An additional header will be added to your requests as the following example

X-Forwarded-For: 123.1.2.3

Apache

Once the X-Forwarded-For header is available you are able to add it to your log files as illustrated in below.

You may use Source IP in the event that X-Forwarded-For header option is not available.

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/access_log" combined env=!forwarded
CustomLog "logs/access_log" proxy env=forwarded

Consider using mod_remoteip in apache if you would like to mask the IP Address completely, this will allow your application to read the IP without the need to reference server headers.

IIS

There are several options here as well, best details by these two IIS blog post / IIS And X-Forwarded-For Header.

Nginx

Nginx has the module HttpRealipModule for exactly this purpose. Adding the following lines to your Nginx configuration will set the Real IP header to the X-Forwarded-For IP sent from the load balancer.

set_real_ip_from   YOUR.NETWORK.RANGE/24;
real_ip_header     X-Forwarded-For;
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.