I deployed an ASP.NET Core web application using kubernetes and ran WAF server to manage the incoming request and protect our service.
I had a part of code that gets the IP of the end user and store it in a database for some monitoring aims. It was working perfectly before we upgrade our Kubernetes to the latest version. But after that I am getting the Ip of my Kubernetes cluster as user client Ip.
After checking the logs and spending time on investigation we found that the real user Ip is stored in X-Original-Forwarded-For
header and not in X-Forwarded-For
.
POST /Account/Login HTTP/1.1
Host: myservice.com
X-Request-ID: 2c7101cdad13f71a90bebb2c8d58f64d
X-Real-IP: 10.11.150.11
X-Forwarded-For: 10.11.150.11
X-Forwarded-Host: myservice.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Scheme: https
X-Scheme: https
X-Original-Forwarded-For: 120.110.100.90
Content-Length: 756
Forwarded: for=120.110.100.90
Forwarded: for=120.110.100.90;proto=https
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: null
Cookie: .AspNetCore.Antiforgery.9TtSrW0…
Also, I add information about my known Networks/Proxies in my startup by using this code:
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.All;
foreach (var network in getKnownNetworks(Configuration))
{
options.KnownNetworks.Add(network);
}
foreach (var proxy in getKnownProxies(Configuration))
{
options.KnownProxies.Add(proxy);
}
}
);
I also registered ForwardedHeaders middleware in my Configuration part.
How can I read client Ip from other headers?
CodePudding user response:
In ForwardedHeadersOptions
you can configure a custom forwarded-for header by setting the ForwardedForHeaderName
property like this:
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.All;
// add this line
options.ForwardedForHeaderName = "X-Original-Forwarded-For";
foreach (var network in getKnownNetworks(Configuration))
{
options.KnownNetworks.Add(network);
}
foreach (var proxy in getKnownProxies(Configuration))
{
options.KnownProxies.Add(proxy);
}
});