RE: [cfaussie] Re: Manipulating CFHTTP Source IP

2012-04-12 Thread Steve Onnis
Phil

All your outgoing connections will go out via the IP address configured as
your firewall's IP address.  This means any web services you are connecting
to, no matter what you do programmatically, will all come from the same IP
address.

-Original Message-
From: Phil Rasmussen [mailto:ara...@gmail.com] 
Sent: Thursday, 12 April 2012 8:08 PM
To: cfaussie
Subject: [cfaussie] Re: Manipulating CFHTTP Source IP

Hi Blair, thanks for that. I hadn't seen that X-Forwarded-For header before
and that could do the job, though I'm not sure how the request will look at
the other end in terms of source IP. Only one way to find out I guess! I was
thinking of setting up a proxy and using multiple instances of Tomcat on the
same server to set up 10 separate webserver instances each with its own IP,
and then route requests through these, though I'd prefer the HTTP header
route if that works.

Steve, the IPs are going through multiple firewalls at the hosting provider
before reaching the actual server where the IPs are mapped and then bound to
the NIC.

On Apr 12, 6:42 pm, Blair McKenzie shi...@gmail.com wrote:
 May not work (depending on how the web service is set up) but you
 could try using the X-Forwarded-For
 (http://en.wikipedia.org/wiki/X-Forwarded-For) header in the requests.
 There is also using an HTTP proxy, though I'm not sure how that
 affects the IP address of a request.

 Blair

 On Thu, Apr 12, 2012 at 5:46 PM, Phil Rasmussen ara...@gmail.com wrote:
  Hi Everyone. Had an interesting development topic come up today and
  I'm not sure it's even possible, though it's worth a shot.

  We have an existing sync process that sends approximately 100
  traveller profiles a minute to an external web service, and now we
  have the opportunity to increase this throughput 5 fold by opening
  up separate connections (up to 5) as long as we don't exceed a total
  of 300 syncs every 60 seconds across all connections in total. Now the
  tricky part is I can't just create new threads to execute the
  parallel processes; the external system will only treat them as
  separate requests if the source IP is different.

  With the application sitting on a single webserver with 10 public
  IPs bound to the NIC, I'm wondering if there is a way I can create
  some kind of proxy using IIS to allow sending from different IPs.
  CFHTTP from what I recall uses the highest IP in the stack on the
  outgoing NIC, so I'm not sure if this is even possible?

  If anyone has any thoughts on this would love to hear it.

  Cheers
  Phil

  --
  You received this message because you are subscribed to the Google 
  Groups cfaussie group.
  To post to this group, send email to cfaussie@googlegroups.com.
  To unsubscribe from this group, send email to
  cfaussie+unsubscr...@googlegroups.com.
  For more options, visit this group at 
 http://groups.google.com/group/cfaussie?hl=en.




Re: [cfaussie] Re: Manipulating CFHTTP Source IP

2012-04-12 Thread Barry Chesterman
x-forwarded-for is really only an additional header stapled onto an
http request and I would have thought any external system accepting a
limited number of requests from a specific IP wouldn't even be looking
at x-forwarded-for for decision making (although it depends how the
logic is written at that end and at what level it does the ip based
decision making :)).

If it were me, I'd look at using some sort of proxy / load balancing
solution that can route traffic out different IP addresses (sounds
like you are halfway there with your 10 nic box), but you can get
software which does http forwarding or re-routing so your requests
would effectively come from different ip's and keep your external
service happy.


On Thu, Apr 12, 2012 at 11:07 AM, Phil Rasmussen ara...@gmail.com wrote:
 Hi Blair, thanks for that. I hadn't seen that X-Forwarded-For header
 before and that could do the job, though I'm not sure how the request
 will look at the other end in terms of source IP. Only one way to find
 out I guess! I was thinking of setting up a proxy and using multiple
 instances of Tomcat on the same server to set up 10 separate webserver
 instances each with its own IP, and then route requests through these,
 though I'd prefer the HTTP header route if that works.

 Steve, the IPs are going through multiple firewalls at the hosting
 provider before reaching the actual server where the IPs are mapped
 and then bound to the NIC.

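The point raised in the message above, about where the receiving system makes its IP-based decision, shown as an added example that is not part of the original thread: a per-IP limiter keyed on the TCP peer address, which reads X-Forwarded-For only when the connection comes from a proxy the service itself operates. The proxy address, the limit of 2 per 60 seconds and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumption: the only peer allowed to speak for other clients is the
# service's own reverse proxy. 192.0.2.10 is a documentation address.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address a per-IP limit should be keyed on.

    peer_addr is the TCP source address of the connection; xff_header is the
    raw X-Forwarded-For value (or None). The header is only consulted when
    the connection itself comes from a trusted proxy, and it is read from
    right to left so that entries a client prepended are never reached.
    """
    if not xff_header or not is_trusted(peer_addr):
        return peer_addr
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr          # malformed chain: fall back to the socket
        if not is_trusted(hop):
            return hop                # first hop we do not operate ourselves
    return peer_addr


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()               # drop hits that left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def replay(requests, limit, window):
    """Run constructed (time, peer, xff) tuples through the limiter."""
    limiter = SlidingWindowLimiter(limit, window)
    return [(client_ip(peer, xff), limiter.allow(client_ip(peer, xff), t))
            for t, peer, xff in requests]


# Constructed sample traffic: one sender at 198.51.100.7 varying the header,
# then one request relayed by the trusted proxy for 203.0.113.5.
SAMPLE = [
    (0, "198.51.100.7", "10.0.0.1"),
    (1, "198.51.100.7", "10.0.0.2"),
    (2, "198.51.100.7", "10.0.0.3"),
    (3, "192.0.2.10", "10.9.9.9, 203.0.113.5"),
]

if __name__ == "__main__":
    for key, allowed in replay(SAMPLE, limit=2, window=60):
        print(key, "allowed" if allowed else "rejected")
```

All three requests from 198.51.100.7 count against that address whatever the header says, so the third is rejected; only the request relayed by the trusted proxy is keyed on a forwarded address.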



RE: [cfaussie] Re: Manipulating CFHTTP Source IP

2012-04-12 Thread Steve Onnis
For that to happen it would need to happen within the firewall or after the
firewall.

-Original Message-
From: Barry Chesterman [mailto:barrychester...@gmail.com] 
Sent: Friday, 13 April 2012 1:29 AM
To: cfaussie@googlegroups.com
Subject: Re: [cfaussie] Re: Manipulating CFHTTP Source IP

x-forwarded-for is really only an additional header stapled onto an http
request and I would have thought any external system accepting a limited
number of requests from a specific IP wouldn't even be looking at
x-forwarded-for for decision making (although it depends how the logic is
written at that end and at what level it does the ip based decision making
:)).

If it were me, I'd look at using some sort of proxy / load balancing
solution that can route traffic out different IP addresses (sounds like you
are halfway there with your 10 nic box), but you can get software which does
http forwarding or re-routing so your requests would effectively come from
different ip's and keep your external service happy.





RE: [cfaussie] Re: Manipulating CFHTTP Source IP

2012-04-12 Thread Steve Onnis
Phil

Of course the IP addresses are all on the firewall.  How else is it going to
know what to map?  Though the firewall will accept connections on multiple
IP addresses, it will only broadcast out through one IP address.  This means
the CFHTTP request won't come from the IP address of the NIC, but the primary
IP address of your firewall.  It won't matter what sort of proxy you use if
it is behind the firewall as the firewall is the appliance that is doing the
broadcasting, not the NIC on the box or the proxy.

-Original Message-
From: Phil Rasmussen [mailto:ara...@gmail.com] 
Sent: Friday, 13 April 2012 12:18 PM
To: cfaussie
Subject: [cfaussie] Re: Manipulating CFHTTP Source IP

Steve, the IPs are mapped directly through the firewall to the server so the
10 IPs bound to the NIC will be the source IPs of outbound requests; there is
no question there. My concern was that in previous versions of CF (7 and
lower I think), the source IP of an outgoing CFHTTP request would be the
primary IP bound to the NIC (highest in stack) regardless of the IIS website
IP.

I think if the headers can't be used to distinguish the requests, the proxy
option sounds like it will work though.


Re: [cfaussie] Re: Manipulating CFHTTP Source IP

2012-04-12 Thread Zac Spitzer
You could always fall back to Java; there are a number of linked posts
about this on Stack Overflow.

http://stackoverflow.com/questions/1721444/how-can-i-bind-an-outbound-of-course-httpurlconnection-to-a-specific-local-ip

On Fri, Apr 13, 2012 at 12:25 PM, Steve Onnis st...@cfcentral.com.au wrote:
 Phil

 Of course the IP addresses are all on the firewall.  How else is it going to
 know what to map?  Though the firewall will accept connections on multiple
 IP addresses, it will only broadcast out through one IP address.  This means
 the CFHTTP request won't come from the IP address of the NIC, but the primary
 IP address of your firewall.  It won't matter what sort of proxy you use if
 it is behind the firewall as the firewall is the appliance that is doing the
 broadcasting, not the NIC on the box or the proxy.
