
Access control based on X-Forwarded IP

Question asked by SamWalker on Feb 2, 2017
Latest reply on Feb 2, 2017 by SamWalker

Hi, apologies if this question has been answered already; I'd appreciate it if anyone can point me in the right direction.

 

We want to control access to a service based on the user's IP. However, our API gateway is behind a load balancer, so the Gateway always sees the LB as the client, not the actual client. Our LB is configured to pass the X-Forwarded-For header so backend applications can use that IP as needed. We have customized our Apache web servers to capture this information. However, I am not able to find the required configuration for the API Gateway. Any pointers would be appreciated.

 

I have confirmed that XFF (X-Forwarded-For) is carrying the client IP using a "Return Template Response" assertion with the following response body:

 

${request.http.allheadervalues}

When this assertion is executed, the user's browser renders all headers including XFF.

 

I tried using 

${request.http.x-forwarded-for}

but the browser renders a blank page.

Can anyone suggest a way to capture XFF in a context variable so I can use that in "Allow Access to IP Address Range"?
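
An added example, not part of the original post and not gateway policy code: how an X-Forwarded-For value can be turned into a client address for an IP range check when the gateway sits behind a load balancer. The header is honored only when the direct peer is the LB, and the rightmost non-proxy entry is used, since anything further left is supplied by the client. The networks and function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values for illustration (not from the original post).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]     # load balancer subnet
ALLOWED_CLIENTS = [ipaddress.ip_network("203.0.113.0/24")]  # permitted client range


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def client_ip_from_xff(peer_ip, xff_values):
    """Return the address to use for access control, or None if XFF is malformed.

    peer_ip    -- address of the TCP peer as seen by the gateway
    xff_values -- list of X-Forwarded-For header values, in received order
    """
    peer = ipaddress.ip_address(peer_ip)
    # Honor XFF only when the direct peer is the load balancer; a client that
    # reaches the gateway some other way could assert any address it likes.
    if not _in_any(peer, TRUSTED_PROXIES):
        return peer
    # Several XFF headers are equivalent to one comma-joined list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk from the right: entries appended by trusted proxies are skipped;
    # the first untrusted one is the address the LB saw connecting.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: fail closed
        if not _in_any(addr, TRUSTED_PROXIES):
            return addr
    return peer  # header absent, or it lists only proxy addresses


def is_allowed(peer_ip, xff_values):
    addr = client_ip_from_xff(peer_ip, xff_values)
    return addr is not None and _in_any(addr, ALLOWED_CLIENTS)
```

The same reasoning applies to a range check on a context variable holding the header: it is only as trustworthy as the guarantee that every request reaches the gateway through the LB.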
