Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-39910

need to get the user's IP address when we're behind a load balancer

    XMLWordPrintable

    Details

    • Type: (Deprecated) Contributed Patch
    • Status: CLOSED
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 10.0
    • Fix Version/s: None
    • Component/s: Kernel
    • Labels:
    • Previous Issue Keys:
      KNL-1382

      Description

      We are behind a load balancer that acts as a full proxy. The IP address we see is always the load balancer. This makes session logs misleading, and also makes the IP address test in some places not usable.

      This patch has two sakai.properties values that lets us get the right address. The assumption is that the load balancer will supply a header such as X-Forwarded-For with the right address. Here's a sample conjuration:

      checkforward.addresses=128.6.210.69,128.6.210.70
      checkforward.header=X-Forwarded-For

      Both values must be set for it to do anything. The addresses value gives the addresses from which the load balancer will send traffic. At Rutgers we have situations where you can access the servers directly. We only want to use the X-Forwarded-For header when access comes from the load balancer. Otherwise users could add their own header and fake their IP address.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                k1team KERNEL TEAM (Inactive)
                Reporter:
                hedrick Charles Hedrick
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Git Source Code