Exclude real IP address

New Here ,
Oct 27, 2020 Oct 27, 2020

Copy link to clipboard

Copied

Hi,

We are whitelisting IP address ranges to access our website in CF11 for my client. Every time the user hits the site my code will pull the IP address using HTTP.REMOTE_ADDR. Once the user hits our site , there are some real IP address coming in, which does not belongs to my or my clients network. While I was checking those IP it belongs to some ISP providers. So this restricts my users to access the site as it is not included in our whitelisting. Our CF server is not a proxy or load balancer. Even I tried to check if it is re-routing using CGI.HTTP_X_Forwarded_For. But it was not. Please help me to know if incoming new real  IP address can be controlled in our web server or in CF server? Or is there a way for the client to control these incoming IP address?

 

Thanks,

Jaya

Views

56

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Oct 29, 2020 Oct 29, 2020

Copy link to clipboard

Copied

LATEST

I think it would help for you to clarify things:

  • do you mean that you looked at that one cgi variable and it was not there? Did you look at ALL the CGI vars to see if perhaps any OTHER header might have the IP address you were looking for? You can also use gethttprequestdata() to see ALL incoming headers
  • when you say you find some IPs that "belong to some ISP providers", is your point that these are legitimate requests? Why can't you add those IPs to your whitelists? If it is possible for your users to need to access your site from outside their work environment, you will have a very hard time whitelisting IPs, as they will vary widely.
  • when you ask if "new real IP address can be controlled in our web server or in CF server", do you mean is there a way to whitelist/blacklist ips? There is no feature in CF that does that for you, no. You would have to code it, as it seems you have. There ARE such features in IIS or Apache, though again your challenge seems not "how to whitelist them" but "which ones to whitelist"

 

Again, if you clarify things better, perhaps we may be able to offer better answers for you. Or someone may respond without considering what I've written, and they may have some entirely different answer (or the same questions) for you.


/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines