Capture IP without using X-Forwarded For
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-17-2012 01:43 AM
Hello Friends,
We are running a web-application that has a login on the very first page.
We want to capture the real IP addresses of all the customers that visit our application.
We have Cisco layer 3 Load balancer configured in a shared mode with Natting.
We are running IBM http server over Apache.
We proposed using "X-Forwarded For" header to capture client IP but were not allowed due to known vulneabilities associated with X-Forwarded for.
We want to capture client IPs for "http" and "https" without using "X-Fwd for".
Can someone kindly suggest if there is any alternate to it?
If yes then how to implement it?
- Labels:
-
Application Networking
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2012 01:08 AM
Hi Vivek, adding X forwarded method.to load balance policy. So that source ip address is added to HTTP header, is the only method. Unless the application itself does not request source ip add in the header. Which can be passed through the load balancer.
Sent from Cisco Technical Support Android App
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-28-2012 11:16 AM
Hi Vivek,
the problem with the x-fwd-for is the name of the header? What is the security risk?
---------------------
Cesar R
ANS Team
