Forum Discussion
Get ClientIP Address Behind LoadBalancer
Hi,
I am facing an issue to capture the actual IP address of the customers. The Web application is developed in ASP.NET 2.0 version (IIS version is 6.0) and it is hosted in Windows 2003 server behind the F5 Load Balancer.
I have tried to capture the customer IP address through the REMOTE_ADDR server variable; however, it is capturing the actual IP address. I have also tried the below server variables and they are not working either:
- HTTP_X_FORWARDED_FOR
- HTTP_USER_AGENT
- HTTP_CLIENT_IP
- HttpContext.Current.Request.UserHostAddress
I have also tried the solutions mentioned in the link https://devcentral.f5.com/blogs/us/...ws-servers and tried the below steps,
1. Downloaded the file and transferred the dll from \x64\Release folder in a new folder of the server C:\ISAPIFilters.
2. Right-clicked on the IIS and selected Properties. Then selected the "ISAPI Filters" tab. From there clicked the "Add" button and entered "F5XForwardedFor" for the Name and the path to the file "c:\ISAPIFilters\F5XForwardedFor.dll" in the Executable field. Clicked OK.
However found that the Status of the Filter is showing as "NOT LOADED" in the IIS.
Also, to confirm, I am receiving NULL values in the X-Forwarded-For server variable.
Please advise.
Thanks and Regards,
Aniket
12 Replies
- Kevin_Stewart
Employee
You must enable the X-Forwarded-For header in the HTTP profile (Insert X-Forwarded-For) for the LTM to auto-inject the header. Also, depending on how you have the virtual server configured, you may either be seeing the BIG-IP's self-IP (SNAT enabled) address or the client's IP (SNAT disabled). If you require SNAT then you can:
1) Enable the HTTP profile's X-Forwarded-For header option, or
2) Create a simple iRule to push the client's true source as an arbitrary HTTP header:
    when HTTP_REQUEST {
        HTTP::header insert CLIENTIP [IP::client_addr]
    }
You should then be able to see the client's IP in the incoming "HTTP_CLIENTIP" header.
- Aniket_129589
Nimbostratus
Thanks Kevin for your reply. I am trying this and will confirm.
Thanks and Regards,
Aniket
- Aniket_129589
Nimbostratus
Hi Kevin,
I have checked with the Network team who deals with the F5 configuration details and they have provided the below response,
In answer to your question about the ‘Insert X-Forwarded For’ feature, this configuration is relevant if SNAT is used in the VIP configuration. The SNAT feature is not in use (not required) in the existing configuration; SNAT is required if the server gateway is not the F5 (for these application servers the gateway is the F5). SNAT modifies the source IP of the packets that are sent to the pool members so that the return traffic is sent to the F5, and not directly to the user/client that initiated the request.
When the F5 system translates the source IP address of the incoming packet from the client to the SNAT address, the web server sees the request as originating from the SNAT address, not the original client IP address. If the web servers are required to log the original client IP address for requests, the SNAT address translation behavior can become problematic.
This is where ‘Insert X-Forwarded For’ comes in. I hope this clarifies your query.
Please could you advise if there is anything to resolve this issue?
Many Thanks and Regards,
Aniket
- Kevin_Stewart
Employee
First, inserting the X-Forwarded-For header is just ONE method for getting the client IP to the server if SNATting. There are definitely other reasons to enable it and other ways to do it. In any case, just to be clear, you only need one of the above techniques: XFF header or iRule. If you use the iRule, based on the example above you'd be looking for the HTTP_CLIENTIP header within your ASP.NET pages. If you're still not seeing the header, or any header with the client IP, the first thing I would do is capture the traffic between the BIG-IP and server using TCPDUMP. Example:
tcpdump -lnni 0.0 -Xs0 [additional filters]
The -Xs0 flag will show you the contents of the packets (I'm assuming the payload is not encrypted) coming from the BIG-IP, so you want to look for the XFF or CLIENTIP header (whichever method you're using) to verify if it's actually being sent. If you see the header in the payload, but not on the server, then either something else is stripping it out along the way, or your ASP.NET environment is not configured properly to handle it. I would start there.
- Aniket_129589
Nimbostratus
Thanks Kevin for your continuous help on this.
This is just to inform you that we are using the below piece of code to track the customer IP addresses.
    string _custIP = null;
    // Try the forwarded headers first, then fall back to the socket address
    _custIP = HttpContext.Current.Request.ServerVariables["HTTP_CLIENT_IP"];
    if (String.IsNullOrEmpty(_custIP))
    {
        _custIP = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
    }
    if (String.IsNullOrEmpty(_custIP))
    {
        _custIP = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
    }
    // The four values reported per request; _hrHttpRequest is the current HttpRequest, declared elsewhere
    string customerIP1 = _hrHttpRequest.ServerVariables["REMOTE_ADDR"];
    string customerIP2 = _custIP;
    string customerIP3 = _hrHttpRequest.UserHostAddress.ToString();
    string customerIP4 = _hrHttpRequest.ServerVariables["HTTP_X_FORWARDED_FOR"];
We are receiving public IPs from the first three variables (and all of the three variables are capturing same IP address) and receiving NULL value in the last variable.
We have a business intelligence tool which captures the customer IP addresses from the network itself, and the IP address mismatch is seen from there. Just for an example, our piece of code has captured a customer IP address as 86.1.65.146, however the tool has captured the same as 2.103.197.20, which seems to be correct.
Please could you advise.
Many Thanks and Regards,
Aniket Samanta
- Kevin_Stewart
Employee
Just for an example, our piece of code has captured a customer IP address as 86.1.65.146, however the tool has captured the same as 2.103.197.20, which seems to be correct.
I'm a little confused now. Can you please verify that:
1. The client's TRUE IP address is available to the F5 as the request accesses the virtual server, and
2. A TCPDUMP between the F5 and the server, shows or does not show an HTTP header (either XFF or custom) with that same client IP address.
That TCPDUMP will show what you're getting at the server. How you process that information is another matter, and I would first like to assess that the F5 is sending the information.
Also, how are you configuring the F5 to send the client IP? XFF setting in HTTP profile or iRule?
- Aniket_129589
Nimbostratus
Hi Kevin,
Apologies for the delay in reply. This is just to inform you that we are trying to capture the IP addresses of the customers from the website in Emails.
I have spoken with the Network Team who manages the F5 settings and they have advised the below after their investigation,
“When we receive the emails from the customers from the website, the IP address of these emails originates from a different IP address than the one from which the same customer is accessing the website.
This has no bearing with the LTM configuration or behavior.
When a user sends you an email, you are most likely seeing the IP address of their SMTP server, or the webmail server from which they sent you the email. This is in almost all cases going to be different from the IP address the client actually has on the public Internet, which you can find by for instance browsing to http://myip.dk . Furthermore, the IP address you will see on the LTM will depend on whether or not any further address translation is taking place between the client and the LTM.”
Could you please advise: can’t we track the actual IP address of the customer in the email?
Thanks and Regards, Aniket
- Kevin_Stewart
Employee
In short, probably not. There would have to be a client side mechanism to send that information in the SMTP payload. By the time it got to the LTM it would be too late.
- Aniket_129589
Nimbostratus
Thanks Kevin for the confirmation.
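Added example, not part of the thread and not F5's or the poster's code: the fallback chain posted above accepts HTTP_CLIENT_IP or HTTP_X_FORWARDED_FOR from any request, and a client can set those headers itself when the request does not pass through a proxy that inserts them. This C# version honours the forwarded header only when REMOTE_ADDR is a known proxy address; the class name, the TrustedProxies values and the rightmost-entry ordering are assumptions.

```csharp
using System;
using System.Net;

// Added example (not from the thread): pick the client IP for logging.
static class ClientIpResolver
{
    // Assumption: addresses the BIG-IP uses toward the pool when SNAT is on
    // (constructed values; replace with your own self-IPs / SNAT pool).
    static readonly string[] TrustedProxies = { "10.0.0.5", "10.0.0.6" };

    static bool IsTrustedProxy(string address)
    {
        return Array.IndexOf(TrustedProxies, address) >= 0;
    }

    // remoteAddr: REMOTE_ADDR; forwarded: HTTP_X_FORWARDED_FOR or HTTP_CLIENTIP.
    public static string Resolve(string remoteAddr, string forwarded)
    {
        // No SNAT, or a request that bypassed the proxy: the socket address
        // is not taken from a request header, so use it and ignore the header.
        if (!IsTrustedProxy(remoteAddr) || string.IsNullOrEmpty(forwarded))
            return remoteAddr;

        // Assumption: the proxy's entry is rightmost; anything to its left
        // was supplied by the client. Walk right to left.
        string[] hops = forwarded.Split(',');
        for (int i = hops.Length - 1; i >= 0; i--)
        {
            IPAddress parsed;
            if (!IPAddress.TryParse(hops[i].Trim(), out parsed))
                return remoteAddr;            // malformed entry: do not trust it
            if (!IsTrustedProxy(parsed.ToString()))
                return parsed.ToString();     // first hop that is not our proxy
        }
        return remoteAddr;
    }

    static void Main()
    {
        // Constructed inputs (documentation address ranges).
        Console.WriteLine(Resolve("10.0.0.5", "203.0.113.7"));
        Console.WriteLine(Resolve("198.51.100.9", "203.0.113.7"));
        Console.WriteLine(Resolve("10.0.0.5", "192.0.2.1, 203.0.113.7"));
    }
}
```

In an ASP.NET page the two arguments would come from Request.ServerVariables. The iRule's CLIENTIP header surfaces there as HTTP_CLIENTIP, as stated in the reply above, not as HTTP_CLIENT_IP.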
