I have logging on my website, and i see logs for different people (with different UserAgent strings).
I'm sure, that they have different ip, but all the log records having the same ip.
I use request.remote_ip to store it in DB.
I don't have Apache as front-end. I just have Mongrel.
The question is - Why they are the same ?
If both users are behind the same proxy server or use the same internet provider, they may appear to have the same IP address. The IP that is seen at the web server is not the IP address of the individual PC, it's the address of the connection being used.
If you are using a load balancer, particularly a non-transparent load balancer, your server will see the IP address of the load balancer. Often times the load balancer will throw the the original remote ip address into a HTTP header.
Related
So here is my issue, I have a website hosted from a virtual machine on my server and am using a dyndns service to point a url to my IP. My ISP recently set up a new modem which unfortunately has its own built in gateway and router. After fighting it to forward port 80 I tested it by trying to navigate to the site via the URL and it didn't work, then I tested it on my phone connected to cell data network and it worked! I am able to visit the site via the URL as long as I am not connected to my network. i find this very weird and cannot figure out why.
I am able to view the site on my network by typing in the local IP of the server.
Any suggestions why this might be occurring?
Yes, this is a pain. Usually your modem won't route traffic from inside that's destined for its public IP address.
When you come from outside, the traffic hits the modem from the external line, and the port forwarding rules get applied, and the traffic reaches your web server. But those port forwarding rules don't get applied to internal traffic. You're trying to browse the web server on the modem, rather than on your server.
I did once find a modem that allowed forwarding of internal traffic, but that was a long time ago, and I haven't see one like it since. What I do these days is to use the internal address when I'm on the internal network, and the external address when I'm not. For things that get scripted, I have a little function that determines whether I'm on my local network or not, and programmatically chooses the right way to address the server.
This is because your router does not support hairpinning (or does not have it set up).
From Cisco Support Community:-
The term hairpinning comes from the fact that the traffic comes from one source into a router or similar devices, makes a U-turn and goes back the same way it came.
Visualize this and you see something that looks like a hairpin.
Hairpin NAT is a useful technique for accessing an internal server using a public IP. Since you are using a public IP to attempt to access a server in your network, the traffic will attempt to go out to the internet. In order to reach the server, the traffic will need to be redirected to the correct location.
The problem is how you are doing your internal routing DNS.
You can do DNS Lookup and trace route to see where the Website name is not resolving and whether if you ping the domain e.g. ping something.com return the public IP.
I resolved ours by doing policy routing on website FQDN to go through a different WAN. It's working fine. This works for those with different WAN terminating at the site.
The other way is redo the DNS configuration in internal network.
When using https, the request.remote_ip returns 127.0.0.1. This prevents geocode lookup.
Is there a way to get the correct remote IP?
I have seen a few possible workarounds:
request.env['REMOTE_ADDR']
request.env['HTTP_X_FORWARDED_FOR']
which return 10.102.1.1
request.env[‘HTTP_X_REAL_IP’]
which returns ""
It turns out this is a limitation of the way the server at ninefold is set up.
"Since our Rails stack is Apache Passenger, the client side IP headers are actually stripped off when they pass through the HA Proxy load balancer. In the CItrix implementation of this service, we are unable to pass those headers through to the rails app. At this stage its not possible to access the remote user's IP address."
As a possible work around, you could use a service like Fastly to do your load balancing, then point it directly at your app servers' IPs to bypass HAProxy on Ninefold. You'd get a nice, fast CDN in the process too.
Given the following URL: htttp://domain/index.php, where index.php is the main webpage in a joomla server. I want to get the URL with the IP format, http://IP/index.php. I've tried that with several Joomla servers without success. What is it happening?
I will try to keep this answer simple, yet understandable.
The relation between Internet domains and IP address is not necessarily one-to-one.
In shared hosting, a single IP address may be used by several domains (or hostnames).
A Host header, which is a part of the HTTP standard, is sent with the HTTP request. This allows the server to determine which site to serve.
When you are trying to access a domain for which you don't know the IP, DNS lookup is performed, which provides the requested IP address.
A HTTP request is then sent to that IP with a Host header with the hostname (which contains the domain name).
If you are trying to access the ip directly, for example by typing in a web browser's address bar, the value of the Host header will be the IP itself and the server will have no indication what domain you actually want.
It is possible to set up a default behavior for cases where the IP address is directly accessed, but it is highly likely that a shared host will not allow you to set it yourself.
I'm using the Play Framework which uses http://localhost:9000 by default. I'm also trying something with Twitter and it needs to use a callback url for authentication, but Twitter won't accept http://localhost:9000 as a callback URL.
How can I configure my localhost to map to something like http://mylocal.loc, (similar as with an Apache vhost), instead of http://localhost:9000?
The problem is that the URL needed to be entered in the following format:
http://127.0.0.1:9000/twitter-callback
The above works perfectly as a Twitter callback address.
Twitter isn't trying to access localhost directly, it simply takes the above address as far as I understand, sticks it into the HTTP response header, prompting whichever browser being used to perform a straight forward 302 redirect.
The following blog post had some invaluable information in regards to this question:
http://www.tonyamoyal.com/2009/08/17/how-to-quickly-set-up-a-test-for-twitter-oauth-authentication-from-your-local-machine/
The reason that twitter can't use localhost as a callback url is because localhost is a redirect to your computers loopback interface. In other words, localhost is always the computer that you're on. In order for other computers (including twitter) to access your host, you need to use an external IP address, or a hostname.
To get your IP address, visit whatsmyip. This will tell you your external IP address (which other computers on the internet can access). If you have a static IP address, you can purchase a domain name, or get a free one from something like no-ip or dyndns to make it easier to remember and type. You'll need to point a DNS record from that domain to your IP. You'll also probably need to do some port forwarding and stuff to get it to go to your computer on port 9000, rather than your router (dependent on your network setup).
Possibly an easier option would be to obtain a free hosting/domain service whilst you're testing.
EDIT: josef's problem was not related to the absence of internet access to his local server, see his own answer for what was going on and a solution. This answer handles the case where a local server needs to be visible from the internet.
localhost, aka 127.0.0.1 is the name that on each computer points to the computer itself. So Twitter looks at itself, obviously doesn't see the service, end of story.
If your computer is connected to a local network, most likely that network is NATed and using private addresses like 192.168.x.x, 10.x.x.x or 172.16x.x.x. These addresses are private (not known outside of the local network because not routed on the internet), so that doesn't help you either.
What remains is your public IP address, ie the address your router gets from your ISP. Via DNS you can map that address to a name, a free service that allows you to map a fixed name also to a variable address is DynDNS.
But wait, there is more! Your router protects your network by not allowing traffic originating OUTSIDE the private network IN, unless you define some forwarding rule in the router, in your case a rule that forwards incoming tcp traffic on port 9000 to your machine's port 9000.
Once all that has been taken care of, your computer will be accessible from the outside, and your callback should work.
Edit your hosts file and add the following line:
127.0.0.1 mylocal.loc
For Windows, it is located in C:\Windows\System32\drivers\etc\. On *nix, you can find it in /etc.
I'm developing an application where it seems likely that people will attempt to hide what their client IP address is behind a proxy server.
Is there a unified way to get what the actual client IP Address is behind the proxy? Looking at the Ruby docs, it explicitly states that
request.remote_ip
and
request.remote_addr
both would return the proxy address and not the actual client IP and I'm thrown by the "may contain" descriptions in the rest of the HTTP headers.
It depends if the proxy supports X-Forwarded-For. I'd run some tests to be sure that remote_ip isn't what you're looking for - based on a quick glance at the code it attempts to read the HTTP_X_FORWARDED_FOR header.
I'm typing this from a machine that's behind a proxy. I'm not "hiding", it's how my organisation (and most others large enough to have a server) works. I don't have a fixed IP address: it's allocated dynamically. So I can't see how knowing my "current" IP address is going to help, since it'll be different tomorrow. Heck, I may be connected via a different proxy tomorrow (I work for a large organisation)!
At home, I have several machines connected through a router. Again, I don't have a fixed IP address: it's allocated dynamically by my ISP. It's a large ISP, so there's probably a proxy server somewhere upstream.
So I think what you want is not technically possible. What kind of application would make it "likely that people will attempt to hide what their client IP address is" anyway? What problem are you trying to solve?