GitHub user senthilnathan-am added a comment to the discussion: Preserve Client
Source IP in Virtual Router
> Hi @senthilnathan-am, Please try capturing "X-Forwarded-For" header sent by
> envoy on your backend server which should have the end-client IP. Due to the
> nature of Kubernetes & depending on the configuration, you'll likely not see
> end-client IPs due to Source NAT being done by nodes and pods acting as
> reverse proxies.
>
> Regards, Jayanth
Thanks for the reply @zap51
I have already used XFF and also enabled real-ip module in the nginx which is
the server running behind istio. Below are the directives used in the
configuration and also provided the sample log.
```shell
log_format main '$http_x_forwarded_for $remote_addr - $remote_user
[$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$remote_addr"';
real_ip_header X-Forwarded-For;
real_ip_recursive on;
set_real_ip_from 127.0.0.6;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
```
`10.40.0.0 10.40.0.0 - - [16/Aug/2024:07:00:21 +0000] "GET /css/ajax-loader.gif
HTTP/1.1" 404 548 "http://ams.com/css/slick-theme.css"; "Mozilla/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0
Safari/537.36" "10.40.0.0"`
In the above log, you could see both XFF and real-ip headers are showing same
IP which is Weave interface IP not the actual client IP.
GitHub link:
https://github.com/apache/cloudstack/discussions/9529#discussioncomment-10356919
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]
