Reverse Proxy HTTP with x-real-ip

Article ID: 169176

Products

Asset Management Solution, Data Center Security Monitoring Edition, ProxySG Software - SGOS

Issue/Introduction

The setup is as follows:

Internet                       Proxy                        WebServer
10.137.1.45  ------->  10.138.0.68 | 10.1.1.1  ------->  10.1.1.2

Webserver Real IP : 10.1.1.2
Webserver Published IP : 10.138.0.68
Proxy LAN IP : 10.1.1.1
WebServer LAN URL : http://10.1.1.2/error.txt
External Link URL : http://10.138.0.68/error.txt
x-real-ip : 10.137.1.45

The goal is to present the Internet IP to the Web Server using x-real-ip.

Cause

The user has to alter the request header, using either x-forwarded-for or x-real-ip, to present the external IP.

Resolution

1. Create a listener for the Published IP.

2. Create a forwarding host for the internal Webserver.

3. Create a Web Access Layer rule.
   a. Destination : Request URL : Advanced Match > Host contains : 10.138.0.68
   b. Action : Allow

4. Create a Forwarding Layer : Destination > Set > New > Select Forwarding

5. Create a VIP to be published on the WAN side.

6. Create an internal Webserver for testing (internal IP: http://10.1.1.2/error.txt)

7. Modify the HTTP header using a Combined Object.
   a. At the Action field > use Combined Object > Allow + Control Request Header
   b. Name : x-real-ip
   c. Header Name : x-real-ip
   d. Set Value : $(client.address)

8. Test the connection from an external site.
   a. Access http://10.138.0.68/error.txt
   b. View the active session.
   c. Perform a packet capture on the web server; x-real-ip should show the real source IP.
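
A check that complements step 8, as an added example rather than part of the original article: the web server should honor x-real-ip only on connections that arrive from the Proxy LAN IP (10.1.1.1) and should find exactly one valid address in it. The helper name and the sample request bytes are constructed for illustration.

```python
import ipaddress

# Proxy LAN IP from the setup above; the only peer allowed to assert x-real-ip.
TRUSTED_PROXY = ipaddress.ip_address("10.1.1.1")


def real_client_ip(peer_ip, raw_request):
    """Return the client IP the web server should record for one request.

    peer_ip     -- source address of the TCP connection seen by the web server
    raw_request -- request bytes, e.g. copied out of the packet capture
    (Hypothetical helper for this example, not a ProxySG or web-server API.)
    """
    peer = ipaddress.ip_address(peer_ip)
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-real-ip":
            values.append(value.strip())
    if peer != TRUSTED_PROXY:
        # A header from a non-proxy peer is client-controlled: use the socket address.
        return str(peer)
    if len(values) != 1:
        raise ValueError("expected exactly one x-real-ip, got %d" % len(values))
    # Raises ValueError if the header value is not a literal IP address.
    return str(ipaddress.ip_address(values[0]))


# Constructed sample requests (not taken from a real capture).
VIA_PROXY = (b"GET /error.txt HTTP/1.1\r\nHost: 10.138.0.68\r\n"
             b"x-real-ip: 10.137.1.45\r\n\r\n")
NO_HEADER = b"GET /error.txt HTTP/1.1\r\nHost: 10.138.0.68\r\n\r\n"

if __name__ == "__main__":
    print(real_client_ip("10.1.1.1", VIA_PROXY))    # request relayed by the proxy
    print(real_client_ip("10.1.1.77", VIA_PROXY))   # direct peer, header ignored
    try:
        real_client_ip("10.1.1.1", NO_HEADER)
    except ValueError as exc:
        print("header policy not applied:", exc)
```

A missing or duplicated header on a connection from 10.1.1.1 points to the Control Request Header action in step 7 not matching the request.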