Layer7 API Management

  • 1.  Please clarify about this 2 options

    Posted Dec 04, 2015 05:34 AM

    Hello All,

     

    Can someone please clarify these 2 options for me and provide the solution?

    I am doing IP validation on my REST APIs to restrict access. For that, when I add the IP, I am using ${request.http.header.X-Forwarded-For} in the Context Variable, and at the same time I am adding audit details to print the IP, but the IP is not printing in the audit events.

    When I use ${request.tcp.remoteIP} in the audit events, the IP is printing, but I didn't change my context variable from ${request.http.header.X-Forwarded-For} to ${request.tcp.remoteIP}.

    Now tell me, is the IP I am getting the client IP or not?

    If yes, why am I not getting the IP when I use ${request.http.header.X-Forwarded-For}?

     

    Please find the configuration below.

     

     

    Let me know if you need any other information.



  • 2.  Re: Please clarify about this 2 options

    Posted Dec 04, 2015 08:54 AM

    X-Forwarded-For is not a required header. It was a solution to the problem of finding the originating client IP (as other entities eventually override the tcp.remoteIp field and the originating client IP address is lost). Each server in the transaction would need to be configured to support the X-Forwarded-For header to maintain and append their IP address to it as the request progresses through.



  • 3.  Re: Please clarify about this 2 options

    Posted Dec 10, 2015 09:39 AM

    It is worth noting that the X-Forwarded-For header is only used by load balancing applications and products that terminate TLS and are able to modify the inbound HTTP request. If TCP or TLS is terminated between two hosts, then the protected service--in this case, a Gateway--would consider the terminating entity as the originator. This header can be added by applications that terminate TLS so that backend services (such as the Gateway or other web services) are aware of who originally sent the request--even if the TCP component of the request does not reflect the original recipient.

     

    The X-Forwarded-For header can be equated to the sender address in a letter: You know that you received this envelope from the post office (who processed and transmitted the message) but the sender address on the envelope tells from whom the message originated.
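
Added example, not part of any post in this thread and not Layer7 policy code: a Python illustration of choosing between the TCP peer address and X-Forwarded-For before an IP allowlist check, including the case from the question where the header is absent. The network ranges and the function names are constructed for the example.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]     # load balancers in front of the gateway
ALLOWED_CLIENTS = [ipaddress.ip_network("203.0.113.0/24")]  # callers permitted to use the API


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def effective_client_ip(tcp_remote_ip, xff_header):
    """Return the address to validate and the source it was taken from."""
    peer = ipaddress.ip_address(tcp_remote_ip)
    # No header, or the TCP peer is not one of our proxies: the header is
    # either absent or fully client-controlled, so only the TCP peer is usable.
    if not xff_header or not _in_any(peer, TRUSTED_PROXIES):
        return peer, "tcp.remoteIP"
    # Proxies append on the right of the list, so walk right to left and
    # stop at the first hop that is not one of our own proxies.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer, "tcp.remoteIP"  # malformed entry: ignore the header
        if not _in_any(addr, TRUSTED_PROXIES):
            return addr, "X-Forwarded-For"
    return peer, "tcp.remoteIP"          # header listed only our own proxies


def is_allowed(tcp_remote_ip, xff_header=None):
    """Allowlist decision plus the address and source it was based on."""
    addr, source = effective_client_ip(tcp_remote_ip, xff_header)
    return _in_any(addr, ALLOWED_CLIENTS), str(addr), source
```

Logging the returned source next to the address in the audit record shows which of the two values a given allow or deny decision was based on.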