Implement X-Forwarded-For Header to get Real Client IP Address (Who's on)
Idea shared by Jairo Marques - November 24, 2017 at 4:06 PM
Declined
Hi Guys,
 
The X-Forwarded-For (XFF) HTTP header field is a standard method for identifying the originating IP address of a client connecting to a server through any proxy.

Proxies like KEMP LoadMaster, TMG (with a plugin), pfSense and others allow us to give the client's IP to the destination Real Server by inserting an additional HTTP header (called X-Forwarded-For) when L7 is used with non-transparency.

This option of inserting the HTTP header (called X-Forwarded-For) allows the client source IP address to be logged by the Real Server's IIS logs.

My idea is that SmarterTrack use this method to catch the real client IP address and use it in the Who's On feature.

Something like:

// Requires System.Linq (for Select/First); Request is the ASP.NET HttpRequest.
var forwardedFor = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];

// Take the first (leftmost) address in the X-Forwarded-For list, falling back to REMOTE_ADDR.
var userIpAddress = String.IsNullOrWhiteSpace(forwardedFor)
    ? Request.ServerVariables["REMOTE_ADDR"]
    : forwardedFor.Split(',').Select(s => s.Trim()).First();
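The snippet above believes whatever is leftmost in X-Forwarded-For, but the header is set by whoever is upstream, so a client that connects through (or pretends to be behind) a proxy can put any address there. The example below is an added illustration, not the poster's code and not SmarterTrack's; it assumes a constructed list of trusted proxy ranges (TRUSTED_PROXIES) and shows the usual defensive rule: only honour the header when the TCP peer is one of your own proxies, then walk the list from the right and stop at the first address that is not yours. It also flags non-global addresses so the "private IP" concern raised later in the thread can be handled before geolocation.

```python
import ipaddress
from typing import Optional

# Constructed example: the address ranges of the proxies in front of the application
# (an edge load balancer on a public address plus an internal reverse-proxy tier).
TRUSTED_PROXIES = [
    ipaddress.ip_network("203.0.113.10/32"),
    ipaddress.ip_network("10.0.0.0/8"),
]


def is_trusted_proxy(addr: str, trusted=TRUSTED_PROXIES) -> bool:
    """True when addr parses as an IP that lies inside one of the trusted proxy ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def naive_first_hop(remote_addr: str, x_forwarded_for: Optional[str]) -> str:
    """The leftmost-entry approach: whatever the client put first is believed."""
    if not x_forwarded_for or not x_forwarded_for.strip():
        return remote_addr
    return x_forwarded_for.split(",")[0].strip()


def client_ip(remote_addr: str, x_forwarded_for: Optional[str], trusted=TRUSTED_PROXIES) -> str:
    """Best-effort real client address, trusting only hops we control.

    remote_addr is the TCP peer (REMOTE_ADDR). If it is not one of our proxies the
    header is ignored outright, because any client can send an X-Forwarded-For of its
    own. Otherwise the list is walked from the right (the hop appended last, i.e. by
    the proxy closest to us) towards the left, skipping our own proxies; the first
    address that is not ours is the client. Entries further left were supplied by
    untrusted parties and are never used.
    """
    if not is_trusted_proxy(remote_addr, trusted) or not x_forwarded_for:
        return remote_addr
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        if is_trusted_proxy(hop, trusted):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            # Unparseable junk from an untrusted source: keep it out of logs and
            # geolocation by falling back to the peer address.
            return remote_addr
    return remote_addr  # every listed hop was one of ours


def geolocatable(addr: str) -> bool:
    """Only globally routable addresses make sense to geolocate; private or loopback ones do not."""
    return ipaddress.ip_address(addr).is_global


if __name__ == "__main__":
    # Constructed sample: a spoofed leftmost entry followed by the real chain.
    chain = "192.0.2.33, 198.51.100.20, 10.0.0.9"
    print(client_ip("10.0.0.5", chain))        # 198.51.100.20
    print(naive_first_hop("10.0.0.5", chain))  # 192.0.2.33
```

The same right-to-left rule applies to RFC 7239 `Forwarded: for=...` entries; the framework-specific part is only how REMOTE_ADDR and the header are read.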

4 Replies

I have the same issue with haproxy in front of SmarterMail for all protocols.

Please have a look at this feature request.

Thanks & regards
Andrew Barker Replied
Employee Post
After internal discussion, we have decided not to implement this feature. Implementing this would run the risk of exposing private IP addresses and could break our IP geolocation functionality.

Andrew Barker
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Thanks for the reply. I can't really see that these are hard arguments to not implement. I'm a datacenter/application design expert for more than 10 years. For an up to date application design fulfilling security aspects a proxy/sec gateway ... is absolutely necessary. Best would be

Proxy/Sec Gateway -> Application/web Server -> Backend Data store

No way to expose an application/http server directly to the internet. Always use something like F5 LBL, haproxy, nginx, apache, IIS. Not to talk about load balancing, HA setups and SSL offloading.

To fulfill these major app design rules, it is absolutely necessary to implement the X-Forwarded-For header (https://tools.ietf.org/html/rfc7239) and the proxy protocol (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt). A lot of applications do so right now!

Without these features, all IP restrictions and protocol information / geolocation are worthless when using a security-based application design.

So I would really appreciate it if you would think about this really necessary feature for the Web and mail services (imap, smtp ...)

Many Thanks and best regards
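For the non-HTTP services mentioned in the post above (imap, smtp), a load balancer cannot add an HTTP header; this is what the linked PROXY protocol is for: the proxy prefixes the connection with one text line carrying the original client and destination endpoints. The parser below is an added example, not part of this thread or of any SmarterTools product; it implements the v1 (human-readable) form of that line and assumes the server only applies it to connections arriving from a trusted proxy, since a client connecting directly could otherwise send its own line.

```python
import ipaddress
from typing import Optional, Tuple

# A v1 header is at most 107 bytes including the trailing CRLF.
MAX_V1_HEADER = 107


def parse_proxy_v1(data: bytes) -> Tuple[Optional[dict], bytes]:
    """Parse a PROXY protocol v1 line from the first bytes of an accepted connection.

    Returns (info, remaining): info holds the original client/destination addresses
    and ports, or is None when the proxy sent 'PROXY UNKNOWN' (the caller then falls
    back to the peer address). remaining is the application data that follows the
    header (for instance the first SMTP or IMAP bytes). A malformed header raises
    ValueError and the connection should be closed. Call this only for connections
    whose TCP peer is the trusted proxy; a direct client must not be allowed to
    supply the line.
    """
    if not data.startswith(b"PROXY "):
        raise ValueError("no PROXY v1 header at start of connection")
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("PROXY header not terminated by CRLF within 107 bytes")
    line = data[:end].decode("ascii")  # non-ASCII bytes raise a ValueError subclass
    remaining = data[end + 2:]
    fields = line.split(" ")
    if fields[1] == "UNKNOWN":
        # Proxy could not determine the original connection; anything else on the
        # line is ignored and the peer address is used instead.
        return None, remaining
    if len(fields) != 6:
        raise ValueError("expected 'PROXY <proto> <src> <dst> <sport> <dport>'")
    _, proto, src, dst, sport, dport = fields
    if proto not in ("TCP4", "TCP6"):
        raise ValueError("unsupported protocol " + proto)
    want_version = 4 if proto == "TCP4" else 6
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip.version != want_version or dst_ip.version != want_version:
        raise ValueError("address family does not match " + proto)
    ports = []
    for p in (sport, dport):
        if not p.isdigit() or not 0 <= int(p) <= 65535:
            raise ValueError("bad port " + p)
        ports.append(int(p))
    info = {"src": str(src_ip), "dst": str(dst_ip), "src_port": ports[0], "dst_port": ports[1]}
    return info, remaining


if __name__ == "__main__":
    # Constructed sample: what a load balancer would send ahead of an SMTP session.
    sample = b"PROXY TCP4 198.51.100.20 10.0.0.5 56324 25\r\nEHLO client.example\r\n"
    print(parse_proxy_v1(sample))
```

The returned `src` is what the mail service should log and feed to IP restrictions and geolocation; `remaining` is handed to the normal protocol handler unchanged.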
Andrew Barker Replied
Employee Post
Mail Server,

This thread only pertains to SmarterTrack. You can look under SmarterMail for a similar discussion. If you cannot find one, feel free to get one started.

Andrew Barker
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
