Phil Of course the IP addresses are all on the firewall. How else is it going to know what to map. Though the firewall will accept connections on multiple ip addresses, it will only broadcast out though one ip address. This means the CHTTP request won't come from the IP address of the NIC, but the primary IP address of your firewall. It won't matter what sort of proxy you use if it is behind the firewall as the firewall is the appliance that is doing the broadcasting, not the NIC on the box or the proxy.
-----Original Message----- From: Phil Rasmussen [mailto:[email protected]] Sent: Friday, 13 April 2012 12:18 PM To: cfaussie Subject: [cfaussie] Re: Manipulating CFHTTP Source IP Steve the IPs are mapped directly through the firewall to the server so the 10 IPs bound to the NIC will be the source IPs of outbound requests there is no question there. My concern was that in previous versions of CF (7 and lower I think), then source IP of an outgoing CFHTTP request would be the primary IP bound to the NIC (highest in stack) regardless of the IIS website IP. I think if the headers can't be used to distinguish the requests, the proxy option sounds like it will work though. On Apr 13, 11:50 am, "Steve Onnis" <[email protected]> wrote: > For that to happen it would need to happen within the firewall or > after the firewall > > > > > > > > -----Original Message----- > From: Barry Chesterman [mailto:[email protected]] > Sent: Friday, 13 April 2012 1:29 AM > To: [email protected] > Subject: Re: [cfaussie] Re: Manipulating CFHTTP Source IP > > x-forwarded-for is really only an additional header stapled onto an > http request and I would have thought any external system accepting a > limited number of requests from a specific IP wouldn't even be looking > at x-forwarded-for for decision making (although it depends how the > logic is written at that end and at what level it does the ip based > decision making :)). > > If it were me, I'd look at using some sort of proxy / load balancing > solution that can route traffic out different IP addresses (sounds > like you are halfway there with your 10 nic box), but you can get > software which does http forwarding or re-routing so your requests > would effectively come from different ip's and keep your external service happy. > > On Thu, Apr 12, 2012 at 11:07 AM, Phil Rasmussen <[email protected]> wrote: > > Hi Blair thanks for that I hadn't seen that X-Forwarded-For header > > before and that could do the job, though i'm not sure how the > > request will look at the other end in terms of source IP. Only one > > way to find out I guess! I was thinking of setting up a proxy and > > using multiple instances of Tomcat on the same server to setup 10 > > separate webserver instances each with it's own IP, and then route > > requests through these though I'd prefer the HTTP header route if that works. > > > Steve the IPs are going through multiple firewalls at the hosting > > provider before reaching the actual server where the IPs are mapped > > and then bound to the NIC. > > > On Apr 12, 6:42 pm, Blair McKenzie <[email protected]> wrote: > >> May not work (depending on how the web service is set up) but you > >> could try using the X-Forwarded-For > >> <http://en.wikipedia.org/wiki/X-Forwarded-For>header in the requests. > >> There is also using an HTTP proxy, though I'm not sure how that > >> affects the IP address of a request. > > >> Blair > > >> On Thu, Apr 12, 2012 at 5:46 PM, Phil Rasmussen <[email protected]> wrote: > >> > Hi Everyone. Had an interesting development topic come up today > >> > and I'm not sure it's even possible though it's worth a shot. > > >> > We have an existing sync process that sends approximately 100 > >> > traveller profiles a minute to an external web service, and now > >> > we have the opportunity to increase this throughout 5 fold but > >> > opening up separate connections (up to 5) as long as we don't > >> > exceed a total of > >> > 300 syncs every 60 seconds across all connections in total. Now > >> > the tricky part is i can't just create new threads to execute the > >> > parallel processes, the external system will only treat them as > >> > separate requests if the source IP is different. > > >> > With the application sitting on a single webserver with 10 public > >> > IPs bound to the NIC, i'm wondering if there is a way I can > >> > create some kind of proxy using IIS to allow sending from different IPs. > >> > CFHTTP from what I recall uses the highest IP in the stack on the > >> > outgoing NIC, so I'm not sure if this is even possible? > > >> > If anyone has any thoughts on this would love to hear it. > > >> > Cheers > >> > Phil > > >> > -- > >> > You received this message because you are subscribed to the > >> > Google Groups "cfaussie" group. > >> > To post to this group, send email to [email protected]. > >> > To unsubscribe from this group, send email to > >> > [email protected]. > >> > For more options, visit this group at > >> >http://groups.google.com/group/cfaussie?hl=en. > > > -- > > You received this message because you are subscribed to the Google > > Groups > "cfaussie" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > [email protected]. > > For more options, visit this group athttp://groups.google.com/group/cfaussie?hl=en. > > -- > You received this message because you are subscribed to the Google > Groups "cfaussie" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group athttp://groups.google.com/group/cfaussie?hl=en. -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en. -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
