This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Change of proxy.client.ip after manipulating X-Forwarded-For header ( Chained proxy )

on ‎12-10-2017 11:29 PM

jhans
New Member
1 0 1,353

proxy.client.ip has a behavior that changes based on the way we manipulate XFF header.

This was tested by two proxies. One calling the other ( proxy chain )

Scenario 1st :

In this scenario proxy one ( test ) call another proxy ( proxychain ) .

When (test) apiproxy API call is invoked it will call proxychain apiproxy. While doing so

proxychain apiproxy will have two IPs in X-Forwarded-For header.

X-Forwarded-For header : 104.134.0.33,54.252.61.25

Below are the details of the IPs

104.134.0.33 : IP of actual client calling the API in apiproxy ( test )

54.252.61.25 : IP of the message processor.

The proxy.client.ip in this case will be the one of the actual client IP that is calling API in apiproxy ( test)

proxy.client.ip : 104.134.0.33

Below is the screenshot of the trace for apiproxy ( proxychain )

6112-screen-shot-2017-12-11-at-60248-pm.png



Scenario 2nd :

In this scenario proxy one ( test ) call another proxy ( proxychain ) .

When (test) apiproxy API call is invoked it will call proxychain apiproxy. While doing so

proxychain apiproxy will have one IP in X-Forwarded-For header.

X-Forwarded-For header : 54.252.61.25

Below are the details of the IPs

54.252.61.25 : IP of the message processor.

The proxy.client.ip in this case will be of the message-processor

proxy.client.ip : 54.252.61.25

Below is the screenshot of the trace for apiproxy ( proxychain )

6114-screen-shot-2017-12-11-at-61840-pm.png

In the above case the X-Forwarded-For header was removed from the calling apiproxy. In this case that would be ( test ) apiproxy.

	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="RemoveXFF">
    <DisplayName>RemoveXFF</DisplayName>
    <Properties/>
    <Remove>
        <Headers>
            <Header name="X-Forwarded-For"/>
        </Headers>
    </Remove>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

So if we manipulate the X-Forwarded-For header in proxy chaining we will get different results for proxy.client.ip values in the API proxy that is being called.



Regards,

Jagjyot


Preview file
224 KB
Preview file
226 KB
Preview file
224 KB
Topic Labels
Version history
Last update:
‎12-10-2017 11:29 PM
Updated by: