the traffic is accepted at firewall then forwarded to private load-balancer on oracle cloud, the forwarded to internal web servers. the problem is that client IP address at we server is seen as load-balancer IP address. is there a way to add X-Forwarded-for or X-real-IP in order to see actual IP address on internal web server.
The Loadbalancer may be configured to use TCP as opposed to HTTP. This can cause the header to not be added correctly. Try reconfiguring the loadbalancer to use HTTP
I went through this article to setup port forwarding in chrome.
Though I was able to work it out for non-secure (http) ports, I couldn't get it working for secure (https) ports. In both cases (http and https) the page loads in my laptop. just the https page doesn't load in my android phone.
Here is the configuration for http site.
And here is the configuration for https site.
Can someone please help?
It took me almost a week to find this workaround. You don't need to root your device, or use a proxy with this method.
You just need to port forward on chrome as you did and edit an android hosts file using Virtual Hosts. The apk is available under Virutal hosts releases in case the direct link does not work.
On your device, create a hosts.txt to map IP addresses to host names:
127.0.0.1 domain.com
127.0.0.1 subdomain.domain.com
Select your hosts file and turn it on! Then install certificates on your device.
I am trying to install an Angular application which uses google maps in a very restricted intranet. I have access to Google Maps through my server (which serves my app using NGINX), but not from my client. So those are the steps I took so far.
1 - I set the server IP for maps.googleapis.com in my /etc/hosts file in the client.
2 - I set the google maps IP in my /etc/hosts file in the server.
3 - I created a conf file so Nginx knows it needs to proxy pass this domain:
server{
listen 80;
server_name maps.googleapis.com;
location/ {
proxy_pass http://216.58.212.10/$uri$is_args$args;
proxy_set_header Host $host:$server_port;
}
}
I can download the first google maps api request:
http://maps.googleapis.com/maps/api/js?v=3.exp&libraries=visualization&sensor=false&callback=onGoogleReady
But when it tries to download this one:
http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d38.48493576049805&2d-9.36532974243164&2m2&1d38.97382736206055&2d-8.891716003417969&2u12&4sen-US&5e0&6sm%40366000000&7b0&8e0&callback=_xdc_._kxuspe&token=52829
It shows me this error:
The Google Maps Javascript must be downloaded directly from Google's servers.
Am I missing something here? Did anybody do that before? An more importantly: is it possible?
I'd like to log the user's IP address in an OpenShift application. I'm using this access log pattern in my WildFly application server configuration:
<access-log pattern="%{i,X-Forwarded-For} | %A%t%h%l%u%r%s%b%T%I" directory="${jboss.home.dir}" prefix="access" suffix=".log" worker="default"/>
So it basically logs the X-Forwarded-For header.
It works just fine for HTTP connections, but it prints a single - character instead of the client's real IP address when a websocket connection is made.
I've found this bug ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1313395, but there seems to be a commit that fixes the problem.
Is there a way to get the user's real IP address in this situation?
Is there a way to get the origin IP of the user from the HTTP load balancing w/ GCloud? We are currently using just Network Load Balancing, and are needing to move to a cross region balancer although we need to user's IP for compliance and logging.
Does it pass in a header or something along those lines?
Thanks ~Z
The documentation (https://cloud.google.com/compute/docs/load-balancing/http/) says it's the first IP address of the X-Forwarded-For header.
X-Forwarded-For: <client IP(s)>, <global forwarding rule external IP>
If you are sure that you do not run any other proxy (that append additional IPs into X-Forwarded-For) behind Google Cloud Balancing, you can get the second to last IP from X-Forwarded-For as immediate client IP. Or even if you have some proxies but know the exact number of additional IPs that will be appended, you can also add those into account.
From https://cloud.google.com/compute/docs/load-balancing/http/#components:
X-Forwarded-For: <unverified IP(s)>, <immediate client IP>, <global forwarding rule external IP>, <proxies running in GCP> (requests only)
Only the <immediate client IP> and <global forwarding rule external IP> entries are provided by the load balancer. All other entries in
the list are passed along without verification.
IPs that comes before immediate client IP could be spoofed IPs or IPs coming from client proxies. Even if the client spoofs X-Forwarded-For header, the load balancer still appends the actual IP that hits the load balancer.
Ok, so after digging though headers and other things I found the following header that is passing the origin IP and thee IP for the user.
$_SERVER['HTTP_X_FORWARDED_FOR']
You will need to split it by the ',' and take the first part of the string. This is the user IP, that is being pushed by the Google Cloud HTTP Balancer.
Based on HTTP_X_FORWARDED_FOR header, a nice Nginx rule to split the IPs chain :
set $realip $remote_addr;
if ($http_x_forwarded_for ~ "^(\d+\.\d+\.\d+\.\d+)") {
set $realip $1;
}
fastcgi_param REMOTE_ADDR $realip;
Paste it after include fastcgi_params; directive to be effective.
If you're using Cloudflare, you can get original client IP from HTTP_CF_CONNECTING_IP.
I found this article
https://geko.cloud/forward-real-ip-to-a-nginx-behind-a-gcp-load-balancer/
You can whitelist/ignore IPs that are known to GCP like the static ip needed for registering the loadbalancer
set_real_ip_from 36.129.221.25/32; // LB Public IP address
set_real_ip_from 130.211.0.0/22; // Private IP range for GCP Load Balancers
set_real_ip_from 35.191.0.0/16; //Private IP range for GCP Load Balancers
real_ip_header X-Forwarded-For;
real_ip_recursive on;