Reverse Proxy HTTP with x-real-ip

book

Article ID: 169176

calendar_today

Updated On:

Products

Asset Management Solution Data Center Security Monitoring Edition ProxySG Software - SGOS

Issue/Introduction

Setup is as below

Internet------------------------------------------------Proxy----------------------------------------------WebServer
10.137.1.45 --------------------> 10.138.0.68 10.1.1.1 --------------------------------> 10.1.1.2

Webserver Real IP : 10.1.1.2
Webserver Published IP : 10.138.0.68
Proxy LAN IP : 10.1.1.1
WebServer LAN url : http://10.1.1.2/error.txt
External Link URL : http://10.138.0.68/error.txt
x-real-ip : 10.137.1.45

The goal is to present the Internet IP to the Web Server using x-real-ip.

Cause

User will have to alter the header either using x-forwarder-for or x-real-ip to present the external IP.

Resolution

Create a listener for the Published IP.

2. Create a forwarding host for the internal Webserver
User-added image

3.   Create a Web Access Layer rule
a.   Destination : Request URL : Advance Match > Host contains : 10.138.0.68
b.   Action Allow
User-added image

4. Create a forwarding Layer : Destination > Set > New > Select Forwarding
User-added image

5. Create a VIP to be published on the WAN side.
User-added image

6. Create an internal Webserver for testing (internal IP: http://10.1.1.2/error.txt)
User-added image

7.   Modify the http header > using the combined object
a.   At the action field > use Combined Object > Allow + Control Request Header
b.   Name : x-real-ip
c.   Header Name : x-real-ip
d.   Set Value : $(client.address)
User-added image

8.   Test connection from external Site
a.   Access http://10.138.0.68/error.txt
b.   View Active session
c.   Perform packet capture on webserver, x-real-ip should show the real source IP.
User-added image

Attachments

Feedback

thumb_up Yes

thumb_down No