Layer7 API Management

  • Private Community

  • 1.  Resolving multiple IPs(x-forwarded-for) from Header

    Posted Jul 18, 2017 03:02 AM

    Hello Guys,

    I am trying to resolve the IP address from the header values,

     ${request.http.headerValues.x-forwarded-for}

    Header Values : IP, IP (there are two IP addresses in XFF)

     

    When I check the header, I see two  IP addresses which are same.

     

    Is there a way to parse the header?

     

    I tried  ${request.http.headerValues.x-forwarded-for[0]}, ${request.http.headerValues.x-forwarded-for[1]} but no chance.

     

    Any help would be appreciated.

    Regards



  • 2.  Re: Resolving multiple IPs(x-forwarded-for) from Header

    Posted Jul 18, 2017 04:03 AM

    Hi,

     

         Could you please provide more clear what is your issue? if you have configuration provide the same so that it will be easy to troubleshoot and replicate the issue.

     

    Regards

    Rajasekhar



  • 3.  Re: Resolving multiple IPs(x-forwarded-for) from Header

    Posted Jul 18, 2017 06:09 AM

    Hello 

    I have a published service, and  I want to allow(authorize) spesific IPs.

     

    However the paramater  ${request.http.headerValues.x-forwarded-for} has multiple IP addresses, seperated with commas.

     

    If I try to authorize based on this context variable, the service is not working.

    (this service was working yesterday, but may be there was a change within the load balancer, which is somehow sending multiple IPs)



  • 4.  Re: Resolving multiple IPs(x-forwarded-for) from Header

    Posted Jul 18, 2017 06:25 AM

    Hello,

     

         Then use Restrict Access to IP address Range assertion and hardcode some set of IPs there to access the service/API.

         You are just allowing the specific IPs to access the service so it is noway related to load balancer.

     

           I am really not getting why you are using context variable to provide the access to specific IPs.

     

    Regards

    Rajasekhar



  • 5.  Re: Resolving multiple IPs(x-forwarded-for) from Header

    Posted Jul 18, 2017 05:40 PM

    Hello zifirr,

    1. Have you tried using ${request.tcp.remoteAddress} or ${request.tcp.remoteIP} to capture the IP?

     

    2. You can also store the trusted IPs in the cluster wide property and use the compare assertion to see if that ${request.tcp.remoteIP} or ${request.http.headerValues.x-forwarded-for} matches. which might be easier.

     

    Thanks!



  • 6.  Re: Resolving multiple IPs(x-forwarded-for) from Header

    Posted Jul 19, 2017 03:10 AM

    Hello Sravankanumuri,

     

    We have two instances of the gateway and they are behind a load balancer.

    ip1 ${request.tcp.remoteAddress}
    ip2 ${request.tcp.remoteAddress}
    ip3 ${request.tcp.remoteIP}
    ip4 ${request.tcp.remoteHost}

    All these values above return the IP address of the load balancer.

    So I have to get it from the header.xff value.

     

    And your solution worked perfectly Sravankanumuri.

    Thank you very much.



  • 7.  Re: Resolving multiple IPs(x-forwarded-for) from Header
    Best Answer

    Broadcom Employee
    Posted Jul 25, 2017 01:16 AM

    Hello zifirr ,

    If your purpose is to fetch each ip in the x-forwarded-for header, you can use split variable assertion, and then loop each ip with run assertions for each item, for example,

    If you know there are only 2 ips, after split, you can access them like this,

     

    Regards,

    Mark