Comments (6)

akrabat commented on July 29, 2024

When you construct IpAddress, can you set the headersToInspect parameter to:

[
        'X_FORWARDED_FOR',
        'Forwarded',
        'X-Forwarded-For',
        'X-Forwarded',
        'X-Cluster-Client-Ip',
        'Client-Ip',
    ]

And see if that works?

from ip-address-middleware.

phuze commented on July 29, 2024

$checkProxyHeaders = true;
$trustedProxies = [];
$attributeName = 'ip_address';
$headersToInspect = ['X_FORWARDED_FOR',
                     'Forwarded',
                     'X-Forwarded-For',
                     'X-Forwarded',
                     'X-Cluster-Client-Ip',
                     'Client-Ip'];

# note, I've tried both lowercase and uppercase for x_forwarded_for
# as well as every possible field I found in the request that contained my client IP address

$app->add(new RKA\Middleware\IpAddress($checkProxyHeaders, $trustedProxies, $attributeName, $headersToInspect));

$ipAddress = $request->getAttribute('ip_address');

This did not have any effect -- it still returns the [REMOTE_ADDR] which, in my case, is 10.1.2.4.

If I print_r() the entire request, I can confirm I see my client IP appear in two ways (note, I've replaced my real IP with 9's across the board).

[HTTP_X_FORWARDED_FOR] => 99.999.999.999:25902

[x-forwarded-for] => Array
(
    [value] => Array
        (
            [0] => 99.999.999.999:25902
        )

    [originalKey] => HTTP_X_FORWARDED_FOR
)

I am currently pulling the IP address like this (as I cannot seem to get this middleware to work).

$ipAddress = $request->getHeader('x_forwarded_for');
$ipAddress = substr($ipAddress[0], 0, strpos($ipAddress[0], ":"));

akrabat commented on July 29, 2024

Hmm. I wonder if it's case sensitive?

i.e. $headersToInspect should be:

$headersToInspect = ['x_forwarded_for',
                     'Forwarded',
                     'X-Forwarded-For',
                     'X-Forwarded',
                     'X-Cluster-Client-Ip',
                     'Client-Ip'];

I don't have an Azure account to test on. Is there a simple getting started article somewhere that I could use to get a simple Slim app up and running in half an hour?

phuze commented on July 29, 2024

I've narrowed down the issue -- two things are happening:

First, Azure sends along the port as part of the forwarded ip address. Because of this, filter_var(), along with the FILTER_VALIDATE_IP filter, as used in your isValidIpAddress() function, returns false.

Secondly, this chunk of code fails:

if ($this->checkProxyHeaders
    && !empty($this->trustedProxies)
    && in_array($ipAddress, $this->trustedProxies)
) {
    foreach ($this->headersToInspect as $header) {
        if ($request->hasHeader($header)) {
            $ip = $this->getFirstIpAddressFromHeader($request, $header);
            if ($this->isValidIpAddress($ip)) {
                $ipAddress = $ip;
                break;
            }
        }
    }
}

I first tried removing the trustedProxies (both && conditionals) as I am not passing any trusted proxies. Azure Application Gateways do not have static IPs. Instead, they create DNS names as the IPs always change. As such, I don't think it's possible for me to supply such values.

However, it still didn't work. As I found out, the entire wrapper including the if $this->checkProxyHeaders conditional prevents the code from firing (note I made sure to pass TRUE for this argument when constructing IpAddress).

I was able to return my IP address only after bypassing (forcing return true) the isValidIpAddress() check, and immediately running the foreach loop outside of the if wrapper.

foreach ($this->headersToInspect as $header) {
    if ($request->hasHeader($header)) {
        $ip = $this->getFirstIpAddressFromHeader($request, $header);
        if ($this->isValidIpAddress($ip)) {
            $ipAddress = $ip;
            break;
        }
    }
}

I'm not sure there is a quick or easy way to establish an environment that matches mine, but please let me know if you need any additional details.

from ip-address-middleware.
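The two problems described in the comment above (a port suffix on the forwarded address, and a trusted-proxy gate that can never pass with an empty list) can be handled together. This is an added example, not code from the thread or from the middleware: it strips the port before validation and trusts the gateway by subnet rather than by fixed IP. The names stripPort, inCidr and clientIp, the 10.1.2.0/24 subnet and the sample addresses are assumptions made here, and the right-to-left walk is a different choice from the middleware's first-address lookup.

```php
<?php
// "1.2.3.4:25902" -> "1.2.3.4"; "[2001:db8::1]:443" -> "2001:db8::1"; bare addresses unchanged.
function stripPort(string $value): string
{
    $value = trim($value);
    if (preg_match('/^\[([^\]]+)\](?::\d+)?$/', $value, $m)
        || preg_match('/^(\d{1,3}(?:\.\d{1,3}){3}):\d+$/', $value, $m)) {
        return $m[1];
    }
    return $value;
}

// True when $ip lies inside $cidr (IPv4 or IPv6); a bare address matches only itself.
function inCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)
        || ($bits !== null && (!ctype_digit($bits) || (int) $bits > strlen($ipBin) * 8))) {
        return false;
    }
    $bits = (int) ($bits ?? strlen($ipBin) * 8);
    $bytes = intdiv($bits, 8);
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF; // 0 when the prefix ends on a byte boundary
    return substr($ipBin, 0, $bytes) === substr($netBin, 0, $bytes)
        && ($mask === 0 || (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask));
}

// Assumption: hops are read right to left and the first untrusted one is taken as the client.
function clientIp(string $remoteAddr, ?string $xff, array $trustedCidrs): string
{
    $trusted = fn(string $ip): bool => (bool) array_filter($trustedCidrs, fn($c) => inCidr($ip, $c));
    if ($xff === null || !$trusted($remoteAddr)) {
        return $remoteAddr; // peer is not a known proxy, so the header is ignored
    }
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        $ip = stripPort($hop);
        $valid = filter_var($ip, FILTER_VALIDATE_IP) !== false;
        if (!$valid || !$trusted($ip)) {
            return $valid ? $ip : $remoteAddr; // malformed entry: fall back to the peer address
        }
    }
    return $remoteAddr;
}

// Constructed sample input: documentation-range addresses, gateway subnet assumed to be 10.1.2.0/24.
var_dump(clientIp('10.1.2.4', '203.0.113.7:25902', ['10.1.2.0/24']));     // request via the gateway
var_dump(clientIp('198.51.100.9', '203.0.113.7:25902', ['10.1.2.0/24'])); // request that bypassed it
```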

akrabat commented on July 29, 2024

@purplekrayons I'm pretty sure that sorting out the port number issue will solve this. If you can, would you mind seeing what happens with #17 applied?

phuze commented on July 29, 2024

Still looks like I'm being returned the REMOTE_ADDR.

composer remove akrabat/ip-address-middleware
composer require akrabat/ip-address-middleware:dev-remove-port-from-ipaddress

/**
 * Add client ip address to request headers
 */
$checkProxyHeaders = false;
$trustedProxies = [];
$attributeName = 'ip_address';
$headersToInspect = ['HTTP_X_FORWARDED_FOR', 'x-forwarded-for'];
$app->add(new RKA\Middleware\IpAddress($checkProxyHeaders, $trustedProxies, $attributeName, $headersToInspect));
$ipAddress = $request->getAttribute('ip_address');
print_r($ipAddress);
return;

RETURN:

10.1.2.5

Edit:
I wouldn't worry about it @akrabat I've just chalked this one up to well ... Microsoft being Microsoft. I find it perplexing that they feel the need to include port numbers in the first place. Honestly, I've already gotten used to using $request->getHeader('x_forwarded_for') -- wouldn't be worth the effort to change at this stage.

Thanks for looking into it though mate. Cheers!
