I have a service that is running in Amazon EC2. The service exposes both an HTTP endpoint and an HTTPS endpoint. I am doing some geo lookup on the user IP address when I log the data. Everything works just fine on requests coming into the HTTP endpoint. I have to grab the X-Forwarded-For header so that I do not take the Amazon Load Balancer IP address, and I am always able to get what I need. However, on requests that come in on the HTTPS endpoint, all of the IP addresses are the same.
In order to pull the IP address I am using the following C# code:
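// Returns the raw X-Forwarded-For header value if present,
// otherwise the address of the direct peer (UserHostAddress).
public static string FetchClientIp(HttpRequest req)
{
    var value = req.Headers["X-Forwarded-For"];
    return string.IsNullOrEmpty(value) ? req.UserHostAddress : value;
}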
I can't find anything else that I need to do that is specific to https requests so I'm hoping someone here has run into this before. I'm going to spin up a test on this to try to better isolate the problem.
Thanks
Comments (1)
It depends how you have your ELB set up.
If you're terminating SSL on the ELB (new feature as of October 2010), then the client IP address will be in "X-Forwarded-For".
It sounds like you're terminating SSL on your web servers, then ELB can't decrypt the traffic and add the "X-Forwarded-For" header to the HTTP request. So the client IP address in the header "REMOTE_ADDR" (which is the header returned by HttpRequest.UserHostAddress) is the IP of the last hop -- in this case the internal IP address of the ELB.
Keep in mind, "X-Forwarded-For" may contain multiple IP addresses as described at http://docs.amazonwebservices.com/ElasticLoadBalancing/latest/DeveloperGuide/index.html?SvcIntro.html#X-Forwarded-For. In that case, you're probably most interested in the first address listed.
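
Added example (not code from the question or the answer): a more defensive take on FetchClientIp for the setup discussed above. It goes beyond the "first address" suggestion: a client can send its own X-Forwarded-For and each proxy appends the address it saw, so this version believes the header only when the direct peer is the load balancer and then takes the rightmost entry that is not one of its own proxies. The class and method names, the 10.0.0.0/8 proxy range and the sample addresses are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

public static class ClientIpResolver
{
    // Assumption: the load balancer nodes live in 10.0.0.0/8 (constructed value).
    static readonly IPAddress TrustedNet = IPAddress.Parse("10.0.0.0");
    const int TrustedPrefixBits = 8;

    static uint ToUInt32(IPAddress ip)
    {
        byte[] b = ip.GetAddressBytes();
        return ((uint)b[0] << 24) | ((uint)b[1] << 16) | ((uint)b[2] << 8) | (uint)b[3];
    }

    static bool IsTrustedProxy(IPAddress ip)
    {
        if (ip.AddressFamily != AddressFamily.InterNetwork) return false; // IPv4 only here
        uint mask = uint.MaxValue << (32 - TrustedPrefixBits);
        return (ToUInt32(ip) & mask) == (ToUInt32(TrustedNet) & mask);
    }

    public static string Resolve(string forwardedFor, string remoteAddr)
    {
        // The header is only believable when the direct peer is the load balancer.
        if (string.IsNullOrWhiteSpace(forwardedFor)
            || !IPAddress.TryParse(remoteAddr, out IPAddress peer) || !IsTrustedProxy(peer))
            return remoteAddr;
        // Each proxy appends the address it saw, so walk right to left and
        // stop at the first hop that is not one of our own proxies.
        string[] hops = forwardedFor.Split(',');
        for (int i = hops.Length - 1; i >= 0; i--)
        {
            if (!IPAddress.TryParse(hops[i].Trim(), out IPAddress hop)) return remoteAddr; // malformed
            if (!IsTrustedProxy(hop)) return hop.ToString();
        }
        return remoteAddr;
    }

    public static void Main()
    {
        // Constructed sample values (documentation address ranges).
        Console.WriteLine(Resolve("203.0.113.7", "10.0.1.20"));               // header set by the ELB
        Console.WriteLine(Resolve("198.51.100.9, 203.0.113.7", "10.0.1.20")); // leftmost came from the client
        Console.WriteLine(Resolve(null, "10.0.1.20"));                        // SSL passed through, no header
        Console.WriteLine(Resolve("198.51.100.9", "192.0.2.44"));             // peer is not the load balancer
    }
}
```

In an ASP.NET handler the call would be `ClientIpResolver.Resolve(req.Headers["X-Forwarded-For"], req.UserHostAddress)`.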