My app is hosted on AWS Fargate, behind a load balancer. All incoming requests have the IP of this load balancer. It stores the original IP in the "X-Forwarded-For" header. Laravel can retrieve that easily.
I'm using the database driver for the auth session, and I noticed that it stores the IP address. If that IP address was correct, it would be very useful to me for other purposes.
So the question is: how can I customize the code that manages the session, so that instead of storing request()->ip(), it stores request()->header('X-Forwarded-For') ?
Thank you
the solution was to do this. I don't fully understand why, but it works.
AWS Application Load Balancer real user ip problem
trusting my loadbalancer as a proxy apparently allows the request()->ip() method to retrieve the correct IP.
Related
I'm trying to move my website over to AWS. I set up EC2 but I can't find a way to access the dev site I've set up to allow me to test it works before I switch over. The stack is Laravel/Forge and Nginx.
I have assigned an Elastic IP address, and I've enabled HTTP access via port 80. But when I go to the IP address it redirects to the live domain itself.
Same thing when I use the Public IPv4 DNS (ec2-<IP address>.compute-1.amazonaws.com).
I've been battling with it for some time. Can anyone advise what I'm doing wrong.
Is there a way to view the IP addresses of people who have visited my web application which was deployed with heroku? swish-prophet.herokuapp.com
From within your app's code, you can get the IP address of the person making the request using the HTTP_X_FORWARDED_FOR HTTP header.
You can also see that information in your app logs with the heroku logs command.
You can use $_SERVER['REMOTE_ADDR'] with php.
But you need to consider that some users are behind a proxy system, so there's no way to register that users correct address.
Some websites use REMOTE_ADDR such as:
IP Chicken
Mi IP
Meu IP
My IP Address
I have an issue I can't seem to figure how to solve. I am thinking of using Squid for this but not 100% sure how to configure. A developer is writing a script that will request an XML file from a secure web server.
The script will live in a cloud-based application and will send the request for this XML file to the web server, the script will then translate the XML file content into readable data using API calls and presented to the user in the application.
The problem is the following:
The application server (A) its load balanced and the IP address may not always be the same. We do not own this app server only have access to APIs
The Web server (B) that owns the XML is behind a firewall and it has to specify the incoming IP address allowed to access this content
I am thinking I would have to configure reverse proxy on Squid that will receive the script/request from any IP address (preferably from the application servers only) and would have to forward the exact request to the IP address of the Web server that owns the XML file.
This means that I would have to specify the IP address of the proxy server rather than the web server in the script and somehow allow the proxy server to know it needs to forward it to the web server.
I'm not sure how to do this securely since in this scenario as ANY external IP address coming the proxy server will be forwarded over.
(A) App server ======> Squid Proxy =======> (B) Webserver
I hope this makes sense thank you so much in advance for your help.
I'm developing a web application using Laravel hosting on a public cloud. Now, the application can be accessed publicly on the internet via domain address. However, I want to restrict to only users who are connecting to the organization networks to be able to use the application since we do not want the application to be used at home or elsewhere.
At the moment, the organization has 2 places (2 public internet networks) where they must be able to access to the application. Both of them are using home-standard internet where IP address changes every time the internet reconnects. As we do not have static IP addresses, I cannot filter user by using IP address filter. The IP filter rule must be changed every time when the organization network reconnected.
My application already have solid authentication and authorization mechanism and, of course, the users must know this information since they must access the app for work. However, this doesn't meet the requirement.
I have thought about the VPN but it (probably) doesn't not work because if we allow user the access to the VPN, they still be able to access the VPN anywhere and use the application outside the work places. If we restrict the VPN client to access from specific IP address, then when the IP changes, the same problem occurs.
To sum up, I would like to ask for the advice on how to restrict the access of web application, hosted on public internet, to the users that are connecting from the public IP address that can change every time when the internet reconnected. The requirement may sound strange but it is as it is. Please feel free to ask for more details if you want to and have a discussions on the suggestions.
Thank you in advance.
You could setup a client for a dynamic dns service (e.g. dyndns) on the client-side.
Then you could use that on the server-side to always check against current IP using that dns.
As alternative you could bind the website to localhost only and only let it be accessed via an pubkey-enforced SSH tunnel (and make that get auto-established by a script/scheduler on the client side, on a permission level outside of the users' reach, so that they can't take the private key needed for the connection anywhere)
You can use different PHP methods and variables to detect from where the request has been originated. Just whitelist your domains and organizations, and allow only them by adding a middleware.
Additionally, you can generate a token using Laravel Passport or you can create your own mechanism, and then use that token to authenticate if the request is valid or not.
Since the IP changes, you can setup a dynamic dns or as suggested on the comment above.
We're building a multitenant SAAS app. Each customer gets its own subdomain, http://customername.mycompany.com. Each customer will have many gigabytes of data, which means that they have to be assigned to a particular server and stay there.
If I have a server farm, and a request comes in for a particular customer, how do I direct the request to the right server?
My thought is that I'll have to create some kind of custom, programmable load balancer that will know where each customer lives and proxy the request through.
Is there an easier way?
If not, where do I find such a load balancer? The ones I've found online act more like appliances than applications which could go query a database to find the right destination server.
I think the answer is in the question; you mention that the user will connect to username.mycompany.com. So use a DNS A record to point them to a particular IP.
In the future, if you wanted to load balance the user across (say 2) servers, you could create a virtual IP on a load balancer appliance (running LVS for example), and then point the A record to the Virtual IP created by the LB, and distribute the user across a group of servers that you have configured.
This is why using subdomains is simpler than having URL based access such as company.com/username, in which case you would have to inspect the content of the packet to see the requested URL. By using subdomains, everything can be done at the IP layer.