Highlighted

Load Balancer - Finding the clients IP number

Enthusiast ,
Oct 08, 2018

Copy link to clipboard

Copied

I have a geo database that I use to look up the users country based on IP number.

I've noticed that the IP is the same for all users and therefore everybody apparently lives in the US

I believe this is because I've added the site to a load balancer., it's acting like a proxy and replacing the IP.

I've tried the cgi values - remote_addr and also http_x_forwarded_for (which is empty - I guess the data center has to set it to forward the IP)

Is there anything else that I'm missing that might sniff out that IP number?

Failing that I'll just take it off the load balancer and move the static HTML files that I do want on a load balancer onto separate servers, but I'd really like to know if there's a fix using CF before I do that

Also reached out to the ISP, maybe they can tweak the load balancer to forward the IP

To add to this I did a little more research after hearing back from my ISP.

It appears that I can indeed use X-Forwarded-For to obtain the actual email address, if the use is on a HTTP page, but if they are on a HTTPS page then the value is blank.

The ISP tell me that they can't forward on HTTPS. Whether that is just them or that is the case with HTTPS on all ISP's I don't know

Views

489

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Load Balancer - Finding the clients IP number

Enthusiast ,
Oct 08, 2018

Copy link to clipboard

Copied

I have a geo database that I use to look up the users country based on IP number.

I've noticed that the IP is the same for all users and therefore everybody apparently lives in the US

I believe this is because I've added the site to a load balancer., it's acting like a proxy and replacing the IP.

I've tried the cgi values - remote_addr and also http_x_forwarded_for (which is empty - I guess the data center has to set it to forward the IP)

Is there anything else that I'm missing that might sniff out that IP number?

Failing that I'll just take it off the load balancer and move the static HTML files that I do want on a load balancer onto separate servers, but I'd really like to know if there's a fix using CF before I do that

Also reached out to the ISP, maybe they can tweak the load balancer to forward the IP

To add to this I did a little more research after hearing back from my ISP.

It appears that I can indeed use X-Forwarded-For to obtain the actual email address, if the use is on a HTTP page, but if they are on a HTTPS page then the value is blank.

The ISP tell me that they can't forward on HTTPS. Whether that is just them or that is the case with HTTPS on all ISP's I don't know

Views

490

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Oct 08, 2018 0
Adobe Community Professional ,
Oct 08, 2018

Copy link to clipboard

Copied

You'll have to rely on the ISP. There's nothing except X-Forwarded-For available to you within your CF application.

Dave Watts, Fig Leaf Software

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 08, 2018 1
Enthusiast ,
Oct 08, 2018

Copy link to clipboard

Copied

That's what I figured. Time to dump the load balancer and move those static pages only to a new server on a load balancer

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 08, 2018 0
Adobe Community Professional ,
Oct 08, 2018

Copy link to clipboard

Copied

Passing the X-Forwarded-For header from the load balancer is kind of a standard thing, so they should be able to implement that for you pretty easily.

Dave Watts, Fig Leaf Software

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 08, 2018 0
Enthusiast ,
Oct 08, 2018

Copy link to clipboard

Copied

I'd also check for other headers, while X-Forwarded-For is by far the most common request header that you would find it in, I've seen the IP show up in other headers as well when working with load balancers or proxies. For example X-Real-IP is another possibility. I'd just do a dump of the request headers:

<cfdump var="#getHttpRequestData().headers#">

If you are lucky they are already passing it somewhere, if not as Dave said it should be a pretty easy fix to enable it in the load balancer.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 08, 2018 0
Enthusiast ,
Oct 08, 2018

Copy link to clipboard

Copied

I decided that I can live without the load balancer for the CF side, in-fact it would be pain due to maintaining sessions and also some dynamic files (images I pull from third party API), which would require a lot more messing to make it viable. So I planned on dumping the static HTML's (HTML5 games) on a separate load balancer set up.

However, my curiosity did get the better of me, so although I'd flipped the DNS to go straight to the domain, I have switched it back to see what headers do exist. Once the DNS updates I'll report back

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 08, 2018 0
Enthusiast ,
Oct 08, 2018

Copy link to clipboard

Copied

There's nothing extra in the headers.

Well at least I now know, if I do need that IP AND a load balancer in the future I better check with the ISP to make sure that they are forwarding the IP!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 08, 2018 0
Enthusiast ,
Oct 09, 2018

Copy link to clipboard

Copied

To add to this I did a little more research after hearing back from my ISP.

It appears that I can indeed use X-Forwarded-For to obtain the actual email address, if the use is on a HTTP page, but if they are on a HTTPS page then the value is blank.

The ISP tell me that they can't forward on HTTPS. Whether that is just them or that is the case with HTTPS on all ISP's I don't know

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 09, 2018 0
Adobe Community Professional ,
Oct 09, 2018

Copy link to clipboard

Copied

That is definitely not the case for HTTPS on all ISPs or load balancers.

Dave Watts, Fig Leaf Software

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 09, 2018 0
Enthusiast ,
Oct 09, 2018

Copy link to clipboard

Copied

To add the X-Forwarded-For header over HTTPS the load balancer would need to be configured terminate the TLS connection at the load balancer (it holds the private key to your TLS/SSL certificate allowing it to decrypt the request). Not sure if that is an option for you, but I thought I'd mention it incase it was.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 09, 2018 0
ACS_LLC LATEST
Enthusiast ,
Oct 09, 2018

Copy link to clipboard

Copied

I spoke with the ISP again, and it does not look like they are going to be modifying the load balancer any time some. I've managed to break things down so that the important part that needs the IP bypasses the load balancer. I will do for now, if not forever, but it would have been nice to have it put right just in-case

Maybe I will be coming back to this thread in a few months to grab the info above to pass on to them

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 09, 2018 0