Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

What to capture the external Ip from where the URL is invoked


Hi Team,

We are getting many 4xx errors. So inorder to investigate it we haev clicked on drill down->purepaths, then right clicked on purepath and then when we clicked the details. There we are able to see the client IP which is capturing only our internal IPs. What we have to do or change, so that we will be able to capture the external IPs from where the URL is getting invoked?

Thanks Praveena


Dynatrace Pro
Dynatrace Pro

Hi Praveena,

The devices which capture the request coming from the user and send it forward need to have the "x-forwarded-for" header enabled on the requests. This will ensure that when the request is passed on, the originating IP address stays as the client's true IP address and not the IP address of the component sending the request forwards. The AppMon tool should then pick up the user's IP address rather than the component's.

Can you confirm this header is enabled?

Best regards,


where should we enable this header? @Radu S.

Any device that receives the request and then sends it forwards. The most common example we see is Load Balancer in front of Web or App servers. If the Load Balancer does not apply the x-forwarded-for header on requests, all other servers after it will read the client IP as the load balancer's IP. With the x-forwarded-for header, you can keep track of the true client IP. Other examples are also firewalls, proxies, etc.

Are there any such devices in your architecture?

Yes we have the load balancer as you have for every purepath we are getting that IP to apply x-frowarded for that? @Radu S.

Means there will be no change from dynatrace end. Is it correct?

That will be in the load balancer's settings and will differ depending on the load balancer you are using. Ask your network team or whoever is responsible for configuring these devices, they will surely know.

The client IPs are being captured in our webserver that was confirmed by our team. Then how can we fetch them and show it in Dynatrace instead of the load balancer IP.

Do we need to uncheck the Client IP-Address in confidential strings settings or else do we need to do something else?

And can you please tell me what does this confidential strings do?

PFA @Radu S.


1. Confidential Strings
Certain strings recorded by the product can be marked as confidential. Then, only user accounts which have the permission "view confidential strings" enabled will be able to view this information in the tool. For users without this permission the data will look like **************************.
2. Client IPs
Ok, so the webserver is getting the correct client IP address, meaning that the load balancer in front of it must use some mechanism (x-forwarded-for or alternative) to pass the correct information on. Can you:

  • from AppMon client -> Settings -> Dynatrace Servers... -> Geographical Locations -> can you tell me what is listed under "Determine Client IP address using the following HTTP Headers"
  • ask your team to check the load balancer settings and tell you whether it uses "x-forwarded-for" header to pass correct client IP address, or a different header? If it's a different header, we need to know which one

Basically, AppMon uses the headers listed in the Geographical Locations section to determine the client IP address. If "x-forwarded-for" is used in your load balancer, we need to make sure it appears in that list also. If your load balancer uses a custom header, we need to add that custom header to that list.

Thanks Radu. I have asked my team and got to know the header which they are using to pass correct client IP and when I added that to confidential strings, am able to see the correct IP address.

There is URL like '/' which is triggering constant 4xx errors 48 times/hour. But the client IP for that URL is showing like load balancer itself. Can you please tell me why? @Radu S.

That is most likely a health check from the Load Balancer.

Thanks Dave. What kind of health check it would be generally? What does this URL '/' means actually ? and why the count is constant for every hour? @Dave M. @Radu S.

Hi Praveena, for this request, the client IP address is shown as the load balancer address because this is most likely the load balancer sending a request to the webserver at the root '/' to verify if the webserver is 'alive' to receive requests. The slash '/' is like an empty directory path (e.g. the same way on Windows we would have C:/Users/Desktop the same way we have http://webserverAddress/folder1/folder2, and an empty / just points to the main folder on that path). The count is constant every hour because these are scheduled checks that happen periodically to ensure the webserver is working.

Thanks Radu. Is this check from load balancer is a inbuilt feature or else we will somewhere in settings specify this to check whether webserver is alive or not? @Radu S.

I am not sure. You will have to ask your team. I think some load balancers have it built in, some have to be manually configured. But all load balancers should have documentation/settings to understand how the check is done.

Then why this URL is always giving 403 errors? Access forbidden here means either webserver is alive or it is not ready to receive requests. If it is not ready then we are able to capture purepaths. If it is alive to receive requests then why does 403 error comes? @Radu S.

Since every request ends in a 403: Unauthorised error, this points to a bad configuration of the load balancer's health check. If the server wouldn't be alive or ready to accept requests your code would have been 5xx (to indicate a server side issue). 403 usually means that the client (the load balancer in your situation) does not have access rights to the content so server is rejecting to give proper response. I think what you need to do here is either configure the webserver to accept requests from the load balancer to the root folder "/" (might have to include the load balancer IP) or configure the load balancer to send the request to a page (maybe some index.html, or check.html) so it is a specific request for a page. Either way, you need to fix this so that request returns a 200 instead of 403.
I hope this helps.

Thanks Radu. Your explanation has clarified all my doubts. @Radu S.