proxy.client.ip has a behavior that changes based on the way we manipulate XFF header.
This was tested by two proxies. One calling the other ( proxy chain )
Scenario 1st :
In this scenario proxy one ( test ) call another proxy ( proxychain ) .
When (test) apiproxy API call is invoked it will call proxychain apiproxy. While doing so
proxychain apiproxy will have two IPs in X-Forwarded-For header.
X-Forwarded-For header : 104.134.0.33,54.252.61.25
Below are the details of the IPs
104.134.0.33 : IP of actual client calling the API in apiproxy ( test )
54.252.61.25 : IP of the message processor.
The proxy.client.ip in this case will be the one of the actual client IP that is calling API in apiproxy ( test)
proxy.client.ip : 104.134.0.33
Below is the screenshot of the trace for apiproxy ( proxychain )
Scenario 2nd :
In this scenario proxy one ( test ) call another proxy ( proxychain ) .
When (test) apiproxy API call is invoked it will call proxychain apiproxy. While doing so
proxychain apiproxy will have one IP in X-Forwarded-For header.
X-Forwarded-For header : 54.252.61.25
Below are the details of the IPs
54.252.61.25 : IP of the message processor.
The proxy.client.ip in this case will be of the message-processor
proxy.client.ip : 54.252.61.25
Below is the screenshot of the trace for apiproxy ( proxychain )
In the above case the X-Forwarded-For header was removed from the calling apiproxy. In this case that would be ( test ) apiproxy.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AssignMessage async="false" continueOnError="false" enabled="true" name="RemoveXFF"> <DisplayName>RemoveXFF</DisplayName> <Properties/> <Remove> <Headers> <Header name="X-Forwarded-For"/> </Headers> </Remove> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> <AssignTo createNew="false" transport="http" type="request"/> </AssignMessage>
So if we manipulate the X-Forwarded-For header in proxy chaining we will get different results for proxy.client.ip values in the API proxy that is being called.
Regards,
Jagjyot