X-Forwarded-For configuration in DCRUM

bernard_theot
Contributor

Hi,

I have a problem configuring user identification via the X-Forwarded-For header.

I configured it in the RUM Console, at the overall AMD level and in the software service.

Despite this, it is always the address of the load balancer that is raised in the CAS, and not the user address.

I attach a capture that shows the field X-Forwarded-For.

Would anyone have any idea?

Regards,

Bernard

12 REPLIES 12

BabarQayyum
Leader

Hello Bernard,

Check the following posts and I hope this will resolve your problem.

https://answers.dynatrace.com/questions/141806/x-f...

https://answers.dynatrace.com/questions/118245/ip-address-recognition-from-x-forward-cookie.html

Regards,

Babar

Hello Babar,

I have seen these posts.

I tried all the scenarios but none worked.

Regards.

Bernard

ulf_thornander3
Inactive

Have you taken a trace so you know that the header is populated with the right info?

Hi Ulf,

The trace is attached to the post (horus.pcap).

And we see the X-Forwarded-For in the HTTP header.

The LB is 172.16.0.231

Regards,

Bernard

Hi Ulf,

The HTTP stream shows:

GET /astre HTTP/1.1

Host: horenf.valdemarne.fr

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:53.0) Gecko/20100101 Firefox/53.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3

Accept-Encoding: gzip, deflate, br

Connection: keep-alive

Upgrade-Insecure-Requests: 1

X-Forwarded-For: 46.218.44.205


ulf_thornander3
Inactive

OK - Got it - and as you say the Header Tag is there. I'll just have to boot up a VM and check what is going on. It'll be later tonight.

bernard_theot
Contributor

Thanks a lot Ulf,

If you can try tomorrow it will be perfect.

Regards.

Bernard

thun
Advisor

Did you try to "mask" the spaces? I had a customer project some time ago where the header with the client IP was named "REAL-CLIENT-IP" and we needed to put in this kind of regex to extract the IP address:

%0d%0aREAL-CLIENT-IP:%20\([^%0d%0a]*\)%0d%0a

Good catch, it looks like there are spaces before and after the IP address. Try the option of extracting it from the header by a regular expression like

%0d%0aX-Forwarded-For:%20\([^%0d%0a%20]*\)%20%0d%0a

or maybe something like

X-Forwarded-For:\ ?\([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)

I would agree with these recommendations if the header regex method was being used. Using the header tag method should just require specifying the tag itself - "X-forwarded-for".
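The three header patterns suggested in the replies above can be checked offline against the request from the capture. This is an added example, not part of the original posts and not Dynatrace code: it assumes `%0d`, `%0a` and `%20` stand for CR, LF and space and that `\(` `\)` delimit the capture group, and the names `build_request`, `to_python_regex`, `extract` and `compare` are hypothetical.

```python
import re

# Constructed request modelled on the capture quoted in the thread; CRLF line endings.
BASE = ["GET /astre HTTP/1.1", "Host: horenf.valdemarne.fr", "Connection: keep-alive"]

# The patterns from the replies above. The first is the REAL-CLIENT-IP pattern
# with the header name swapped to X-Forwarded-For (an adaptation made here).
PATTERNS = {
    "any_value": r"%0d%0aX-Forwarded-For:%20\([^%0d%0a]*\)%0d%0a",
    "trailing_space": r"%0d%0aX-Forwarded-For:%20\([^%0d%0a%20]*\)%20%0d%0a",
    "dotted_quad": r"X-Forwarded-For:\ ?\([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)",
}

def build_request(raw_value):
    """Return a request whose last header line is 'X-Forwarded-For:' + raw_value."""
    return "\r\n".join(BASE + ["X-Forwarded-For:" + raw_value]) + "\r\n\r\n"

def to_python_regex(pattern):
    """Assumed reading of the thread's syntax: %0d %0a %20 are CR, LF, space; \\( \\) group."""
    for token, repl in (("%0d", r"\r"), ("%0a", r"\n"), ("%20", " "),
                        (r"\(", "("), (r"\)", ")")):
        pattern = pattern.replace(token, repl)
    return pattern

def extract(pattern, request):
    """Return the captured client address, or None when the pattern does not match."""
    m = re.search(to_python_regex(pattern), request)
    return m.group(1) if m else None

def compare(raw_values):
    """Map each raw header value to what every pattern extracts from it."""
    return {v: {name: extract(p, build_request(v)) for name, p in PATTERNS.items()}
            for v in raw_values}

if __name__ == "__main__":
    # One value without and one with a trailing space, the case the replies discuss.
    for value, results in compare([" 46.218.44.205", " 46.218.44.205 "]).items():
        print(repr(value), results)
```

The pattern that requires a trailing space matches nothing when the value is not padded, and the first pattern keeps the trailing space inside the captured value when it is.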

bernard_theot
Contributor

Hi Friderike,

Thanks for your help. I will try this when I go to the customer site.

Regards

Bernard

john_leight
Dynatrace Pro

Looking at the provided trace - there is only traffic from the client to the server (172.16.0.231 -> 10.110.11.50). There needs to be bi-directional traffic for the decode to work. I don't think the http parser will be invoked to parse the traffic if there is only one direction of traffic.

How did you capture this traffic and what filter did you use? Is the bi-directional traffic reaching the AMD? I think once the server responses are there the x-forwarded-for will be used to retrieve the client's real address.