Transparent Reverse ProxyRSS

6 replies

Last post Sep 02, 2019 10:52 AM by StefanoDUrso

  • Transparent Reverse Proxy

    Aug 29, 2019 09:21 AM|StefanoDUrso|LINK

    Hi, 

    i'm trying to configure IIS in order to have a scenario in which the reverse proxy acts in a transparent way, that is: the TCP connection between the webserver and the destination is set with the client IP as source IP. 

    How can i achieve that? I was trying to force the REMOTE_ADDR server variable but it seems it's not the case.

    Both Request.ServerVariables["REMOTE_ADDR"] and  Request.UserHostAddress provide the same result at the destination that is: the reverse proxy IP and not the client one. How can i override that?

    Thanks

    stefano

  • Re: Transparent Reverse Proxy

    Aug 30, 2019 02:25 AM|Jalpa Panchal|LINK

    Hi,

    The X-Forwarded-For (XFF) HTTP header field is used for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.

    There are also options in IIS to log the client IP address if XFF is used.

    You could use below URL rewrite rule which checks that HTTP_X_FORWARDED_FOR header exists and has a value and assign that HTTP_X_FORWARDED_FOR value to the REMOTE_ADDR variable.

    <rule name="RewriteRemoteAddr">
        <match url="(.*)" />
        <conditions>
            <add input="{HTTP_X_FORWARDED_FOR}" pattern="([_0-9a-zA-Z]+)" />
        </conditions>
        <serverVariables>
            <set name="{REMOTE_ADDR}" value="{HTTP_X_FORWARDED_FOR}" />
        </serverVariables>
        <action type="None" />
    </rule>

    Regards,

    Jalpa

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: Transparent Reverse Proxy

    Aug 30, 2019 05:56 AM|StefanoDUrso|LINK

    Hi,

    thanks for the feedback. Is there any way to override the REMOTE_ADDR instead?

    Thanks

    stefano

  • Re: Transparent Reverse Proxy

    Aug 30, 2019 07:28 AM|Jalpa Panchal|LINK

    yes, you could do that by using iis URL rewrite rule as I suggested in the above post.

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: Transparent Reverse Proxy

    Aug 30, 2019 10:40 AM|StefanoDUrso|LINK

    Hi Jalpa,

    maybe i'm doing something wrong here but it's not working.

    The action type should be "rewrite" in the web.config so that row should be:

    <action type="Rewrite" url="http://destinationUrl.com/{R:1}" />

    anyway i still can't reach the destination; if i remove the "condition" section i'm able to reach the destination server but the override of the REMOTE_ADDR is not working. So i have a final web.config as follows:

    <rule name="RewriteRemoteAddr">

    <match url="(.*)" />

    <serverVariables><set name="{REMOTE_ADDR}" value="{HTTP_X_FORWARDED_FOR}" />

    </serverVariables>    

    <actiont type="Rewrite" url="http://destinationUrl.com/{R:1}" />

    </rule>

    but at destination side what arrives is:

    • REMOTE_ADDR / UserHostAddress --> the reverse proxy IP
    • HTTP_X_FORWARDED_FOR --> first entry the original client IP

    Let me know if this is clear

    thanks

  • Re: Transparent Reverse Proxy

    Sep 02, 2019 08:22 AM|Jalpa Panchal|LINK

    Do you wants to change the header value or something else? 

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: Transparent Reverse Proxy

    Sep 02, 2019 10:52 AM|StefanoDUrso|LINK

    i would like that REMOTE_ADDR header (and UserHostAddress) to be the one i set through rewrite