Thank you very much for your kind and quick support. We really appreciate that.
Original Message:
Sent: 05-17-2021 10:34 AM
From: Namish Tiwari
Subject: arcotafm.log not showing the actual ClientIP Address
Hi Javed,
Your assumptions are correct here. you can also see that when you run the analyze transactions report and see the client IP address in that just to confirm.
-Namish
Original Message:
Sent: 05-15-2021 05:11 AM
From: Mohammad Javed
Subject: arcotafm.log not showing the actual ClientIP Address
Dear Namish Tiwari,
Just a query ! Now after enabling this parameter i can see that the X-Forwarded IP is being captured in the Client IP but the Remote Client IP passed to AFM is still capturing the CA Access Gateway IP. So just wanted to confirm this that the Remote Client IP has no role to play in the Risk rules right ? Risk rules will always consider the Client IP address only which has the X-forwarded IP correct ?
Arcotafm.log:
2021-03-22 10:28:05,153 [http-nio-8080-exec-5] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> X-FORWARDED-FOR Header passed ::5.41.150.114 |20210322072803.310.98fed189
2021-03-22 10:28:05,153 [http-nio-8080-exec-5] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> As X-FORWARDED-FOR functionality not enabled, ignoring X-FORWARDED-FOR header |20210322072803.310.98fed189
2021-03-22 10:28:05,153 [http-nio-8080-exec-5] INFO integrations.frontend.LifeCycleStateData(729) [] -> Setting ClientIP as 5.41.150.114 for request processing, whereas Remote ClientIP passed to AFM as 192.168.1.2 |20210322072803.310.98fed189
Best Regards,
Javed
Original Message:
Sent: 04-14-2021 03:55 AM
From: Mohammad Javed
Subject: arcotafm.log not showing the actual ClientIP Address
Dear Namish Tiwari,
Thanks for your quick support. It works now after configuring the XFFEnabled=true.
Original Message:
Sent: 04-11-2021 05:34 PM
From: Namish Tiwari
Subject: arcotafm.log not showing the actual ClientIP Address
Hi Javed,
By default this setting is disabled in product after 8.2.02 version, which version you are running. You need to open the ARCOT_HOME/conf/afm/arcotafm.properties file and then change the value to true for below parameter
# ==========================================================================
# X-FORWARDED-FOR functionality parameters
# ==========================================================================
XFFEnabled=false
This will need a restart of the application server to take into effect.
-Namish
Original Message:
Sent: 04-08-2021 10:43 PM
From: Mohammad Javed
Subject: arcotafm.log not showing the actual ClientIP Address
Dears,
The ClientIP in the arcotafm.log is not capturing the actual IP address of the user who has initiated the request. Instead, it is capturing the Access gateway IP address which 192.168.1.2
I believe that for the Risk authentication rules such as for Geolocation, Anonymous IPs etc this ClientIP is being checked by the Risk authentication Module and not the X-FORWARDED-FOR header. Please confirm !!!
If ClientIP is being checked, then it is important that this ClientIP resembles the right IP address. I can see that the X-FORWARDED-FOR header is capturing the right IP address.
Kindy let us know how we can capture the original IP address in the ClientIP.
Below is the reference log:
Arcotafm.log:
2021-03-22 10:28:05,153 [http-nio-8080-exec-5] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> X-FORWARDED-FOR Header passed ::5.41.150.114 |20210322072803.310.98fed189
2021-03-22 10:28:05,153 [http-nio-8080-exec-5] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> As X-FORWARDED-FOR functionality not enabled, ignoring X-FORWARDED-FOR header |20210322072803.310.98fed189
2021-03-22 10:28:05,153 [http-nio-8080-exec-5] INFO integrations.frontend.LifeCycleStateData(729) [] -> Setting ClientIP as 192.168.1.2 for request processing, whereas Remote ClientIP passed to AFM as 192.168.1.2 |20210322072803.310.98fed189
Best Regards