« Previous Next »

• 04-20-2009, 2:57 PM

  In reply to

  ShqTth Joined on 09-15-2008, 3:04 AM Posts 7

  Re: Can requests appear to come from the original client? Reply Contact When using squid, HTTP_VIA=1.1 sheldows-vista:80 (squid/2.7.STABLE4) HTTP_X_FORWARDED_FOR=96.48.192.227 LOCAL_ADDR=127.0.0.1 REMOTE_ADDR=127.0.0.1 REMOTE_HOST=127.0.0.1 HTTP_X_FORWARDED_FOR is the ip address of the client connected to the proxy, or if squid made a request for multiple clients, then sometime X-FORWARDED-FOR may contain multiple ip addresses seperated by "," such as: HTTP_X_FORWARDED_FOR = x.x.x.x,y.y.y.y, z.z.z.z REMOTE_ADDR will be the ip address of the proxy REMOTE_HOST will be either the ip address of the proxy or the name of the proxy machine

• 05-04-2009, 11:27 AM

  In reply to

  niik Joined on 05-04-2009, 3:12 PM Posts 2

  Re: Can requests appear to come from the original client? Reply Contact Hey, great module,exactly what we where looking for! One question though, is there any way of enabling/disabling the ARRHelper module for specific websites? Some of our websites are portmapped directly through our firewall and some go through our ssl-offload/reverse-proxy and I'd like the ARRHelper to only operate on the latter. I've tried removing the element from the modules-section of applicationHost.config without any luck. I've also tried adding a element to the applicationHost and the Web.config file, also without any luck. It seems to as if the module gets activated once it has been included in the globalModules section. Perhaps you could add an enabled="(true|false") attribute to the configuration schema? Thanks!

• 05-04-2009, 12:36 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: Can requests appear to come from the original client? Reply Contact I will look at that - it may be a while (also for the request to ignore invalid X-Forwarded-For headers), I am currently pretty busy with beta2 of ARRv2. Anil Ruia Senior Software Design Engineer IIS Core Server

• 05-05-2009, 10:37 AM

  In reply to

  Mike Ayling Joined on 06-27-2006, 1:39 PM Posts 50	Re: Can requests appear to come from the original client? Reply Contact I would think that you could add conditions to the rewrite rule that sends traffic to a defined webfarm. For example, if you only want the request rewritten for ARR if a specific host header is specified, then add a condition for {HTTP_HOST} in the rewrite rule.

• 05-05-2009, 1:04 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: Can requests appear to come from the original client? Reply Contact Mike, I think niik is talking about the application server and not the load-balancing server (he is probably not using ARR at all) - he wants the ARRHelper module to only do its work on certain websites on the application server. Anil Ruia Senior Software Design Engineer IIS Core Server

• 05-13-2009, 8:28 AM

  In reply to

  niik Joined on 05-04-2009, 3:12 PM Posts 2	Re: Can requests appear to come from the original client? Reply Contact @anilr: you're absolutely right, we're not using ARR yet the helper module was simple and effective way of solving our problem! thanks a bunch btw =)

• 07-15-2009, 8:53 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: Can requests appear to come from the original client? Reply Contact I have re-released the ARR helper module on my blog with fix for ignoring invalid X-Forwarded-For header.  The feature to only accept X-Forwarded-For headers from trusted proxies is still under consideration. Anil Ruia Senior Software Design Engineer IIS Core Server

• 07-20-2009, 11:36 AM

  In reply to

  Rolle Joined on 04-13-2009, 3:57 PM Posts 4	Re: Can requests appear to come from the original client? Reply Contact Great! It's working on our dev area... Thanks!

• 07-22-2009, 4:12 PM

  In reply to

  JohnGalt1 Joined on 07-22-2009, 7:09 PM Posts 1

  Re: Can requests appear to come from the original client? Reply Contact This definitely does appear to work great. Thanks much anilr! I'll have to throw my hat in the ring for a little more security on it though. Assuming a chain of proxies before the web server, and therefore a chain of X-Forwarded-For addresses in the header, which IP is picked to be the client IP in your module? Is it always the first IP in the chain?  If you are interested, here's some interesting info on how the problem has been addressed in Apache's mod_extract_forwarded module http://www.openinfo.co.uk/apache/index.html.

• 07-26-2009, 9:41 AM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: Can requests appear to come from the original client? Reply Contact Thanks, I will give that a look.  Not sure exactly when I will update the ARRHelper module though. Anil Ruia Senior Software Design Engineer IIS Core Server

• 08-26-2009, 1:55 AM

  In reply to

  Brian Adams Joined on 08-26-2009, 5:52 AM Posts 1

  Re: Can requests appear to come from the original client? Reply Contact Just wanted to second everyone else that says the version of the ARRHelper that lets us provide and update trusted proxies would be very helpful.  The problem I have is that with managed code there does not appear to be a way to get in front of the ARRHelper before it executes in the pipeline.  If I could do that then I could have my own logic that checks for trusted proxy chains and I could blank out the x-forward-for header before the AARHelper even has a chance to process it.

• 10-11-2009, 12:44 PM

  In reply to

  stever@bitshop.com Joined on 04-19-2005, 1:15 AM Ashburn, VA Posts 13	Re: Can requests appear to come from the original client? Reply Contact Have you considered just making this a CodePlex project so these enhancements could be made? I would think some of the people interested in these enhancements could contribute them..   Steve Radich - President BitShop.com - IIS Cloud Solution Coming Soon - Join our "Free 3 Month Beta" Waiting List Now...

• 11-05-2009, 6:21 PM

  In reply to

  anilr Joined on 05-23-2006, 10:13 PM Redmond, WA Posts 2,343	Re: Can requests appear to come from the original client? Reply Contact ARR helper has now been updated with the suggestions above. Anil Ruia Senior Software Design Engineer IIS Core Server