ASP.NET: Converting X-Forwarded-For To REMOTE_HOST

by Jon Davis 3. November 2010 03:18

Just keeping notes here. If you’re using IIS Mod Rewrite or if you’re running a reverse proxy or a non-transparent load balancer, you may find the request URL server variable mismatching and the REMOTE_ADDR server variable coming back as the IP address of the proxy server or as the load balancer IP. This is no good, because all of the user’s IP address information is lost. Well, almost lost. What should happen is the the reverse proxy is supposed to add an X-Forwarded-For HTTP header in the request headers containing the user’s IP address, as well as X-Original-URL. This can then be read back by the web server.

The problem is, even with X-Forwarded-For being passed in to the web server, REMOTE_ADDR is still wrong.

I’m looking for the easiest path to just fix this once and for all without delving into web application code. So I’m playing with this simple global.asax tweak to fix this. I haven’t fully tested this yet so, again, just taking notes here ..

void Application_BeginRequest(object sender, EventArgs e)
{
var ss = Request.ServerVariables["SERVER_SOFTWARE"];
if (!string.IsNullOrEmpty(ss) && ss.Contains("Microsoft-IIS")) // doesn't work w/ Cassini
{
string SourceIP = String.IsNullOrEmpty(Request.ServerVariables["HTTP_X_FORWARDED_FOR"])
? Request.ServerVariables["REMOTE_ADDR"]
: Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
Request.ServerVariables.Set("REMOTE_ADDR", SourceIP);
Request.ServerVariables.Set("REMOTE_HOST", SourceIP);
string OrigUrl = Request.ServerVariables["HTTP_X_ORIGINAL_URL"];
if (!string.IsNullOrEmpty(OrigUrl))
{
var url = new Uri(Request.Url, OrigUrl);
Request.ServerVariables.Set("SERVER_NAME", url.Host);
Request.ServerVariables.Set("SERVER_PORT", url.Port.ToString());
}
}
}

Tags:

Add comment


(Will show your Gravatar icon)  

  Country flag

biuquote
  • Comment
  • Preview
Loading




 

Powered by BlogEngine.NET 1.4.5.0
Theme by Mads Kristensen

About the author

Jon Davis (aka "stimpy77") has been a programmer, developer, and consultant for web and Windows software solutions professionally since 1997, with experience ranging from OS and hardware support to DHTML programming to IIS/ASP web apps to Java network programming to Visual Basic applications to C# desktop apps.
 
Software in all forms is also his sole hobby, whether playing PC games or tinkering with programming them. "I was playing Defender on the Commodore 64," he reminisces, "when I decided at the age of 12 or so that I want to be a computer programmer when I grow up."

Jon was previously employed as a senior .NET developer at a very well-known Internet services company whom you're more likely than not to have directly done business with. However, this blog and all of jondavis.net have no affiliation with, and are not representative of, his former employer in any way.

Contact Me 


Tag cloud

Calendar

<<  September 2020  >>
MoTuWeThFrSaSu
31123456
78910111213
14151617181920
21222324252627
2829301234
567891011

View posts in large calendar