We are getting many 4xx errors. So inorder to investigate it we haev clicked on drill down->purepaths, then right clicked on purepath and then when we clicked the details. There we are able to see the client IP which is capturing only our internal IPs. What we have to do or change, so that we will be able to capture the external IPs from where the URL is getting invoked?
The devices which capture the request coming from the user and send it forward need to have the "x-forwarded-for" header enabled on the requests. This will ensure that when the request is passed on, the originating IP address stays as the client's true IP address and not the IP address of the component sending the request forwards. The AppMon tool should then pick up the user's IP address rather than the component's.
Can you confirm this header is enabled?
Any device that receives the request and then sends it forwards. The most common example we see is Load Balancer in front of Web or App servers. If the Load Balancer does not apply the x-forwarded-for header on requests, all other servers after it will read the client IP as the load balancer's IP. With the x-forwarded-for header, you can keep track of the true client IP. Other examples are also firewalls, proxies, etc.
Are there any such devices in your architecture?
That will be in the load balancer's settings and will differ depending on the load balancer you are using. Ask your network team or whoever is responsible for configuring these devices, they will surely know.
The client IPs are being captured in our webserver that was confirmed by our team. Then how can we fetch them and show it in Dynatrace instead of the load balancer IP.
Do we need to uncheck the Client IP-Address in confidential strings settings or else do we need to do something else?
And can you please tell me what does this confidential strings do?
PFA @Radu S.
1. Confidential Strings
Certain strings recorded by the product can be marked as confidential. Then, only user accounts which have the permission "view confidential strings" enabled will be able to view this information in the tool. For users without this permission the data will look like **************************.
2. Client IPs
Ok, so the webserver is getting the correct client IP address, meaning that the load balancer in front of it must use some mechanism (x-forwarded-for or alternative) to pass the correct information on. Can you:
Basically, AppMon uses the headers listed in the Geographical Locations section to determine the client IP address. If "x-forwarded-for" is used in your load balancer, we need to make sure it appears in that list also. If your load balancer uses a custom header, we need to add that custom header to that list.
Thanks Radu. I have asked my team and got to know the header which they are using to pass correct client IP and when I added that to confidential strings, am able to see the correct IP address.
There is URL like '/' which is triggering constant 4xx errors 48 times/hour. But the client IP for that URL is showing like load balancer itself. Can you please tell me why? @Radu S.
Hi Praveena, for this request, the client IP address is shown as the load balancer address because this is most likely the load balancer sending a request to the webserver at the root '/' to verify if the webserver is 'alive' to receive requests. The slash '/' is like an empty directory path (e.g. the same way on Windows we would have C:/Users/Desktop the same way we have http://webserverAddress/folder1/folder2, and an empty / just points to the main folder on that path). The count is constant every hour because these are scheduled checks that happen periodically to ensure the webserver is working.
I am not sure. You will have to ask your team. I think some load balancers have it built in, some have to be manually configured. But all load balancers should have documentation/settings to understand how the check is done.
Since every request ends in a 403: Unauthorised error, this points to a bad configuration of the load balancer's health check. If the server wouldn't be alive or ready to accept requests your code would have been 5xx (to indicate a server side issue). 403 usually means that the client (the load balancer in your situation) does not have access rights to the content so server is rejecting to give proper response. I think what you need to do here is either configure the webserver to accept requests from the load balancer to the root folder "/" (might have to include the load balancer IP) or configure the load balancer to send the request to a page (maybe some index.html, or check.html) so it is a specific request for a page. Either way, you need to fix this so that request returns a 200 instead of 403.
I hope this helps.