Detect IP Address of Client Passing through Amazon Load Balancer - amazon-ec2

It’s important that my web site, which lives on an Amazon EC2 instance, be able to detect the IP address of the client. The HttpRequest.UserHostAddress property is of no value since this contains only the IP address of the Amazon Load Balancer which proxies the inbound request.
Researching StackOverflow led me to understand that using HttpRequest.Headers["X-Forwarded-For"] would provide the client’s public IP address and indeed, I’ve been using this technique for a year with no problem. Until today.
Today I started seeing the IP address 10.116.146.52 being reported for a particular user. This is obviously a private IP address. X-Forwarded-For seems to have stopped working — but only for this one user. The one thing that makes this user unique is that he’s logging in from China. When he uses the same laptop and logs in from the USA, there isn’t a problem. The problem presents itself solely when the connection(s) originate from China.
Finally, I want to point out that I realize that X-Forwarded-For can contain a comma-delimited list of IP addresses as opposed to just one. In that case, I always grab the first one in the chain, since that’s supposed to be the user’s public IP of origin as noted in the Wikipedia article that discusses X-Forwarded-For.

This happens because the user is using an additional proxy server that is adding its own X-Forwarded-For header. As you say, the header will contain multiple values and the first one is supposed to be the actual IP of the client.
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#x-forwarded-headers has additional info.

in: c:\coldfusion10\cfusion\runtime\conf\server.xml
Added
<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="X-Forwarded-Proto" remoteIpHeader="X-Forwarded-For" protocolHeaderHttpsValue="https" />
to
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false">
paste it under the first valve (around line 144)
works perfectly.
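
As an added example (not code from the original posts): one way to choose the address from X-Forwarded-For, assuming the load balancer appends the address it accepted the connection from to the right-hand end of the header, so the rightmost entry that is not one of your own proxies is the only one a trusted hop observed. The function names, the proxy range and all sample addresses except 10.116.146.52 are assumptions made for the illustration.

```python
import ipaddress

def leftmost_hop(xff):
    """The approach from the question: take the first entry, whatever sent it."""
    return xff.split(",")[0].strip()

def client_ip(xff, trusted_proxies=()):
    """Walk X-Forwarded-For right to left and return the first address that is
    not one of our own proxies. Entries further left are unverified claims."""
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: stop rather than trust older hops
        if any(addr in net for net in trusted):
            continue     # a proxy we operate, keep walking left
        return str(addr)
    return None

# Constructed sample headers, as the application behind the balancer sees them.
# 10.116.146.52 is the address from the question; the others are documentation
# addresses standing in for public ones.
VIA_UPSTREAM_PROXY = "10.116.146.52, 203.0.113.7"  # user's proxy prepended a private IP
CLIENT_SUPPLIED = "198.51.100.99, 203.0.113.50"    # client sent its own header value
OWN_FRONT_PROXY = "203.0.113.50, 192.0.2.10"       # 192.0.2.0/24: hypothetical proxy tier we run

if __name__ == "__main__":
    for header, proxies in [(VIA_UPSTREAM_PROXY, ()),
                            (CLIENT_SUPPLIED, ()),
                            (OWN_FRONT_PROXY, ("192.0.2.0/24",))]:
        print(f"{header!r}: leftmost={leftmost_hop(header)} "
              f"rightmost-untrusted={client_ip(header, proxies)}")
```

Use the rightmost untrusted address for rate limiting, audit logs and access decisions; the leftmost entry is only useful as a hint.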

Related

Map my domain name with my own server

Hi, I have my own domain mydomain.ac.in and I have my own server (Windows 2008) and a public static IP.
Now I want to host my site on my own server.
Please give me the step by step information to get it done.
Thanks.
You need to register your domain with some DNS hosting service (DNS provider), there is such an astronomic number of these on the web that I do not want to spam the site. Google.
Also, collocation center where you keep this server (and from where you have probably obtained that public IP) may also provide DNS services.
From the other side, any computer can be configured as the name server but this will probably not work Internet wide and can be used inside the local network only (combined with DHCP service). If there is an easy way to make this Internet wide, I would also be very interested in it, but I doubt it.
Your operating system is not much relevant to this question.
I registered my domain already in ERNET by the Indian Government and I got my public static IP from BSNL India. I hosted my site already and I am able to access my site already using the IP. Now I want to map my domain to the server that I have so that I can access my site using a domain name.
I tried the steps in http://www.hosting.com/support/dedicated/dns/setdns#additional.. But when I add the name server information it says cannot resolve hostname??? That's why I want to know where I am making a mistake.
I once again tried the steps at http://www.hosting.com/support/dedicated/dns/setdns and got it right. Now I have updated the name server info at my domain registrar ERNET and am waiting for it to be updated. Thanks to the people who helped me.

Recaptcha IP addresses

Okay, so we implement Recaptcha in production. We get errors because it can't reach the IP address it needs to use the service. We open a port for the IP address to reach Google. No problem. We do that and configure that IP address explicitly to work. It works great. Then, the next day, we start getting errors again because Recaptcha is using a different IP address. I can allow requests from that IP address, too, but now I'm unsettled. Where are these addresses coming from? How do I configure this to work reliably?
Recaptcha from Google can use any Google IP address and there are lots of them.
Ran this from Windows:
nslookup -type=TXT _netblocks.google.com
_netblocks.google.com text =
"v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
That's all the networks Google uses currently. These can change so check them often.
Google suggests allowing port 80 to all IPs outbound; this is highly insecure. They recommend going through a proxy server but again that is highly insecure if your web server is in a DMZ. Proxy aware trojans do exist. All that needs to be done is exploit a vulnerability to execute arbitrary code and you can create a reverse connection on port 80 through a proxy server to download the payload. Then it is trivial to escalate privileges and own the box. I don't mean just Windows servers but Linux as well. I've done it in a lab environment on security was on. It's really easy to do.
This is the Google website I got this from:
http://code.google.com/p/recaptcha/wiki/FirewallsAndRecaptcha
I wanted to append to this answer with more recent information. The documentation that Chris is pointing to does not include all of the TXT records necessary to dig (thanks Google):
_netblocks2.google.com (IPv6 subnets)
_netblocks3.google.com (Additional IPv4 subnets)
In my particular case, the _netblocks3 entry contained 2 large /19's that made my initial rule ineffective
(I found additional references here: https://support.google.com/a/answer/60764?hl=en)
Perhaps you should be using a hostname rather than IP
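
Added example, not part of the original answers: a sketch that turns the TXT records discussed above into networks and reports where a firewall egress allowlist has drifted from them. The first record is the one quoted above; the `_netblocks3` value and the firewall rules are constructed placeholders, the function names are assumptions, and fetching the live records is left to your own resolver.

```python
import ipaddress

def spf_networks(txt):
    """Extract ip4:/ip6: mechanisms from an SPF-style TXT record as networks."""
    nets = set()
    for term in txt.strip('"').split():
        kind, _, value = term.partition(":")
        if kind in ("ip4", "ip6") and value:
            nets.add(ipaddress.ip_network(value, strict=False))
    return nets

def allowlist_drift(firewall_rules, *records):
    """Compare configured egress rules with the union of the published records.
    Returns (missing, stale): networks to add, and rules no longer published."""
    published = set().union(*(spf_networks(r) for r in records))
    rules = {ipaddress.ip_network(r) for r in firewall_rules}
    return sorted(published - rules, key=str), sorted(rules - published, key=str)

def is_covered(ip, firewall_rules):
    """True if an outbound destination falls inside any configured rule."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in firewall_rules)

# Record as quoted in the answer above.
NETBLOCKS = ('"v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 '
             'ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 '
             'ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 '
             'ip4:173.194.0.0/16 ?all"')
# Constructed stand-in for a second record such as _netblocks3 (not real data).
NETBLOCKS3_SAMPLE = '"v=spf1 ip4:198.51.100.0/24 ?all"'
# Constructed firewall state: two current ranges and one leftover rule.
RULES = ["74.125.0.0/16", "173.194.0.0/16", "192.0.2.0/24"]

if __name__ == "__main__":
    missing, stale = allowlist_drift(RULES, NETBLOCKS, NETBLOCKS3_SAMPLE)
    print("add:   ", ", ".join(map(str, missing)))
    print("remove:", ", ".join(map(str, stale)))
    print("198.51.100.7 allowed today:", is_covered("198.51.100.7", RULES))
```

Running a comparison like this on a schedule surfaces a newly published range before it shows up as intermittent verification failures.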

host network solutions domain on an amazon ec-2 box

I have looked this up and what was described in other answers did not work for me. I created an elastic IP from my ec-2 dashboard, and I set the A records of my domain (www, *, and #(none)) but it does not work. When I try to go directly to the IP address it also does not work though so I am not sure why this is happening.
Also where exactly does the elastic ip point? To my home folder, to the ec-2 user? It is not working now so I couldn't test it, but when it does work I still won't know.
Two things: remember that your domain will need to propagate, so leave it a few hours. Also, your elastic IP points to the machine you bound it to.
Almost forgot, you also need to edit your security zone to open up ports to allow incoming connections on those ports, as the default is to block everything except SSH.

DNS How do I setup Multiple A records pointing to the same sub-domain?

I have a sub-domain sub1.primary.com that works correctly. Now I need to setup sub2.primary.com and have it point to the same web application as sub1.primary.com. I tried it as a new A record and a new CName however when I try navigating to sub2.primary.com and expect to see sub1.primary.com I see a completely different application that sits on sub7.primary.com.
I have tried the A record solo, the CName solo, both together, and each instance with and without pointer records. I am using a Windows 2003 Server with IIS 6. I tried googling for an answer and couldn't find any information.
Here is my setup at the moment. I have created a Host (A) record in DNS for sub2.primary.com with an associated pointer record. I have added the sub2.primary.com to host headers of sub1.primary.com. Whenever I navigate to sub2.primary.com it displays sub7.primary.com instead of sub1.primary.com. Which is bizarre because if it were going to default to something I would rather it default to www.primary.com.
I don't know if it matters but the sub1.primary.com is under SSL and so is sub7.primary.com, along with 5 others on a *.primary.com SSL cert.
Each subdomain should have an A record pointing to the same IP. It sounds like this is what you tried first -- if that didn't work, I'd suggest making sure that your web server's vhost configuration is sending sub2.primary.com to the right place.
When IIS hosts multiple websites on the same IP address, it uses the incoming request URLs to guess which virtual site to send the client to.
In other words: you need to configure your host headers to accept both names for the appropriate web site. Microsoft publishes some good how-to documentation here and here, or here is a more detailed explanation.

Can I use google to determine vhosts on same IP?

Can I use google -- specifically I am thinking of the google ajax api -- to enumerate a list of host names of websites that are hosted on a particular IP address?
Note
Yes, I know that other mechanisms, such as MSN search and obviously DNS services can be used, but I am specifically looking for whether a google solution exists.
AFAIK Google doesn't give out the IP addresses in its search results (unless the URL is only accessible from IP address rather than a host name).
I know you only want Google solutions, but have you tried My IP Neighbors? You put in a URL or IP and it gives you the sites also hosted on the IP.
Not sure you can do with google ajax api; however I think that the best solution would be more oriented towards a sysadmin job (thus ask serverfault..), mainly:
find which nameserver is authoritative for such website
find out which other domains using that nameserver as authoritative
simply because websites hosted on the same server are often served by the same DNS.
On a side note, since a DNS can be authoritative for other domains (not hosted on that IP), you might want to double-check that list and do a lookup on all domains, filtering out those that are hosted on a different server.
This leaves open the question of load balancing, tho: what if a domain is hosted on more than one server?
The answer is left as an exercise to the reader. :)
I searched through Google's forums for SEO Q&A and technical Q&A. The issue of whether Google captures IP addresses is not directly addressed. However, there is at least one answer which suggests Google doesn't care about IP addresses (see squibble's second response.)
