Skip to main content
P
priyapunnia@yahoo.com.sg
Participant
October 27, 2020
Question

Exclude real IP address

  • October 27, 2020
  • 1 reply
  • 167 views

Hi,

We are whitelisting IP address ranges to access our website in CF11 for my client. Every time the user hits the site my code will pull the IP address using HTTP.REMOTE_ADDR. Once the user hits our site , there are some real IP address coming in, which does not belongs to my or my clients network. While I was checking those IP it belongs to some ISP providers. So this restricts my users to access the site as it is not included in our whitelisting. Our CF server is not a proxy or load balancer. Even I tried to check if it is re-routing using CGI.HTTP_X_Forwarded_For. But it was not. Please help me to know if incoming new real  IP address can be controlled in our web server or in CF server? Or is there a way for the client to control these incoming IP address?

 

Thanks,

Jaya

    This topic has been closed for replies.

    1 reply

    Charlie Arehart
    Community Expert
    Charlie ArehartCommunity Expert
    Community Expert
    October 29, 2020

    I think it would help for you to clarify things:

    • do you mean that you looked at that one cgi variable and it was not there? Did you look at ALL the CGI vars to see if perhaps any OTHER header might have the IP address you were looking for? You can also use gethttprequestdata() to see ALL incoming headers
    • when you say you find some IPs that "belong to some ISP providers", is your point that these are legitimate requests? Why can't you add those IPs to your whitelists? If it is possible for your users to need to access your site from outside their work environment, you will have a very hard time whitelisting IPs, as they will vary widely.
    • when you ask if "new real IP address can be controlled in our web server or in CF server", do you mean is there a way to whitelist/blacklist ips? There is no feature in CF that does that for you, no. You would have to code it, as it seems you have. There ARE such features in IIS or Apache, though again your challenge seems not "how to whitelist them" but "which ones to whitelist"

     

    Again, if you clarify things better, perhaps we may be able to offer better answers for you. Or someone may respond without considering what I've written, and they may have some entirely different answer (or the same questions) for you.

    /Charlie (troubleshooter, carehart. org)
    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices