VisitorGroupsCriteriaPack and proxy servers get Client IP

Vote:
 

Hi

When using  IPRangeCriterion in VisitorGroupsCriteriaPack it just reads the httpContext.Request.UserHostAddress witch in my case is the ip of my netscaler proxy server. The clients ip is in request X-Forwarded-For . What is the best way to handle this?

Regards Øyvind

#171240
Nov 03, 2016 11:31
Vote:
 

This is about CDN, not proxy, not sure if it would work for you, but it's easy to try.

http://world.episerver.com/documentation/developer-guides/CMS/Deployment/content-delivery-network-cdn-configuration/

BR,

Marija

#171256
Nov 03, 2016 20:34
Vote:
 

Marija, that is about CDN, but also load balancing like products like A10 and F5 are also hiding the true caller id, so if you are using one of theses (or maybe also a proxy server) then it should work with the article you linked.

#171261
Nov 04, 2016 6:56
Vote:
 

Thanks for the reply. Sorry to say that it did not work. Although when reading the doc (link) it looked very promising.

I am using EPiServer.CMS.Core 9.12.0.

<package id="EPiServer.CMS.Core" version="9.12.0" targetFramework="net452" />

Added this to appsettings

<add key="episerver:ClientIPAddressHeader" value="X-Forwarded-For" />

When i use this in a controller 

Log.Info("X-Forwarded-For IS: " + Request.Headers.Get("X-Forwarded-For")); //Returns my real Ip
Log.Info("request.UserHostAddress: " + Request.UserHostAddress); //Return proxy Ip

When i create a visitor group that has Ip Range condition = "Proxyip" and use it on a block. That block is always visible.

If i change visitor group condition to my ip the block is never visible.

#171272
Nov 04, 2016 11:14
Vote:
 

hi

It works if i do something like this in web.config. Good/Bad ?

        <rule name="Map true incoming IP address" patternSyntax="Wildcard">
          <match url="*" />
          <action type="None" />
          <serverVariables>
            <set name="REMOTE_ADDR" value="{C:0}" />
          </serverVariables>
          <conditions>
            <add input="{HTTP_X-Forwarded-For}" pattern="*.*" />
          </conditions>
        </rule>		  
#171795
Nov 17, 2016 15:56
Vote:
 
#171987
Nov 22, 2016 22:09
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.