ASP.NET: Converting X-Forwarded-For To REMOTE_HOST
Join the DZone community and get the full member experience.
Join For FreeJust keeping notes here. If you’re using IIS Mod Rewrite or if you’re running a reverse proxy or a non-transparent load balancer, you may find the request URL server variable mismatching and the REMOTE_ADDR server variable coming back as the IP address of the proxy server or as the load balancer IP. This is no good, because all of the user’s IP address information is lost. Well, almost lost. What should happen is the the reverse proxy is supposed to add an X-Forwarded-For HTTP header in the request headers containing the user’s IP address, as well as X-Original-URL. This can then be read back by the web server.
The problem is, even with X-Forwarded-For being passed in to the web server, REMOTE_ADDR is still wrong.
I’m looking for the easiest path to just fix this once and for all without delving into web application code. So I’m playing with this simple global.asax tweak to fix this. I haven’t fully tested this yet so, again, just taking notes here ..
void Application_BeginRequest(object sender, EventArgs e)
{
var ss = Request.ServerVariables["SERVER_SOFTWARE"];
if (!string.IsNullOrEmpty(ss) && ss.Contains("Microsoft-IIS")) // doesn't work w/ Cassini
{
string SourceIP = String.IsNullOrEmpty(Request.ServerVariables["HTTP_X_FORWARDED_FOR"])
? Request.ServerVariables["REMOTE_ADDR"]
: Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
Request.ServerVariables.Set("REMOTE_ADDR", SourceIP);
Request.ServerVariables.Set("REMOTE_HOST", SourceIP);
string OrigUrl = Request.ServerVariables["HTTP_X_ORIGINAL_URL"];
if (!string.IsNullOrEmpty(OrigUrl))
{
var url = new Uri(Request.Url, OrigUrl);
Request.ServerVariables.Set("SERVER_NAME", url.Host);
Request.ServerVariables.Set("SERVER_PORT", url.Port.ToString());
}
}
}
Published at DZone with permission of Jon Davis. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments