Load balancers are going to probably act a bit different from one to
another as well.
For instance, we use a CoyotePoint with SSL off-loading. Http
requests wind up not even having a X-Forwarded-For value, so the code
below only works for us for SSL requests.
For http request, the cgi.remote_addr variable still winds up being
the load-balancer IP.
So we wound up just doing a replace/find to use this function instead
of the cgi.remote_addr everywhere.
public string function REMOTE_ADDR() output='false'
{
var httpRequest = GetHttpRequestData();
if(structKeyExists(httpRequest, "headers")
&& structKeyExists(httpRequest.headers,
"X-Forwarded-For"))
{
return
getToken(httpRequest.headers['X-Forwarded-For'],1,',');
}
return cgi.remote_addr;
}
On Wed, Aug 1, 2012 at 5:50 PM, Kris Jones <kris.jon...@verizon.net> wrote:
>
> You can reference that as cgi.http_x_forwarded_for -- and it will come back
> blank if not there, and with a list of IPs otherwise.
>
> So I supposed you could do something in your onrequest that if it exists
> replaces cgi.remote_addr -- but that's not going to help you if it returns
> multiple IPs. (We usually see 2 IPs in the list).
>
> Also note: the IPs returned could well be another proxy. It is still not a
> definitive end-point resolver.
>
>
> Cheers,
> Kris
>
>
> On Wed, Aug 1, 2012 at 5:11 PM, Matthew Gersting <mgerst...@gmail.com>wrote:
>
>> [snip]
>> We're running our CF servers (using JRun and Apache) behind a load
>> balancer, and as such the IP address that comes through the apps in
>> CGI.REMOTE_ADDR is always the IP of the load balancer. Now, I'm familiar
>> that the standard procedure for this seems to be having the proxy (or, in
>> this case load balancer) add a header - X-FORWARDED-FOR. We've accomplished
>> that.
>>
>> The question then is how to reliably use this value in both the scenario
>> when it's defined (coming from the LB) and when it's not (when, say, I'm
>> hitting a box directly via IP). In other threads on CF-Talk I've seen this
>> come up and one solution was the same I came up with (basically an if
>> IsDefined etc). That's all well and good, but my question is this:
>>
>>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352031
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
