Openshift redirect service to https loses users IP address
-
21-12-2019 - |
Question
Hi Iam redirecting all my traffic to https as suggested in the Knowledge Base: https://openshift.redhat.com/community/kb/kb-e1044-how-to-redirect-traffic-to-https
However after doing this Iam unable to get the users ip address and instead get the ip address of the Server which is redirecting:
Below is an example of a Java spring MVC specific implementation. The currentViewedIP becomes is the servers which did the redirected to HTTPS rather than the users IP.
@RequestMapping(value = "/payment/", method = RequestMethod.GET)
public String newBracqet(Model model, HttpServletRequest request) {
String currentViewedIP = request.getRemoteAddr();
}
Solution
If user is behind a proxy server or access your web server through a load balancer (for example, in cloud hosting), the above code will get the IP address of the proxy server or load balancer server, not the original IP address of a client.
To solve it, you should get the IP address of the request’s HTTP header “X-Forwarded-For (XFF)“.
//is client behind something?
String ipAddress = request.getHeader("X-FORWARDED-FOR");
if (ipAddress == null) {
ipAddress = request.getRemoteAddr();
}