NetScaler policies - Client IP Insertion on backend


As CDN networks and secure web gateways grow in practical use, it becomes even more difficult to carry the client IP all the way to the last leg. We get this question often. We addressed it directly in this 2012 blog post: (/blogs/08.31.2012/using-tcp-options-for-client-ip-insertion/). What we did not cover there was the actual implementation of the concept: how to read the IP address from the incoming TCP options and insert it into an HTTP header going to the backend server/app.

Using TCP options to insert the original client IP, and to preserve it through the flow, has become a common use case.

In most cases NetScaler is used as a reverse proxy: we sit close to the server side of the web site, so we are the last proxy the request goes through. On the back end, the original client IP is needed for logging, compliance and application purposes. NetScaler is therefore the logical place to read the IP from the TCP options and insert it into an HTTP header going to the back-end server/app. Here is an example of a rewrite policy/action that achieves this.

add rewrite action Insert_Client_IP insert_http_header X-Forwarded-For "CLIENT.TCP.OPTIONS.TYPE(0x1c).GET_SIGNED32(1, BIG_ENDIAN).TYPECAST_IP_ADDRESS_AT"

add rewrite policy Check_TCP_Options "CLIENT.TCP.OPTIONS.TYPE(0x1c).EXISTS && CLIENT.TCP.OPTIONS.TYPE(0x1c).GET_UNSIGNED8(0).EQ(1)" Insert_Client_IP

Here the policy looks for TCP option "28" (0x1c) and checks that the proxy version is "1".

This is the normal way in which we expect the client IP to be inserted in the TCP option. Once the policy is hit, the action is invoked; it reads the value of the option and inserts it in IP address form. It is quite efficient to do this conversion and insertion in the same action, which is only possible with the advanced policy framework infrastructure in NetScaler. This policy can now be bound to individual vservers or globally, depending on need.
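What the policy and action above evaluate, re-implemented in Python as an added example (not code from the original post or from NetScaler). It assumes the expression offsets are relative to the option's value bytes, after the kind and length bytes; the function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

OPT_EOL, OPT_NOP = 0, 1
OPT_CLIENT_IP = 0x1C  # TCP option kind 28, as matched by the policy on this page


def tcp_option_value(options: bytes, kind: int):
    """Walk the TCP options TLV list; return the value bytes of `kind`, or None."""
    i = 0
    while i < len(options):
        k = options[i]
        if k == OPT_EOL:
            break
        if k == OPT_NOP:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(options):
            return None           # truncated: kind byte without a length byte
        length = options[i + 1]   # length covers kind + length + value
        if length < 2 or i + length > len(options):
            return None           # malformed length, stop instead of over-reading
        if k == kind:
            return options[i + 2:i + length]
        i += length
    return None


def client_ip_from_option28(options: bytes):
    """Mirror Check_TCP_Options + Insert_Client_IP; return header value or None."""
    value = tcp_option_value(options, OPT_CLIENT_IP)
    if value is None:             # .EXISTS is false
        return None
    if len(value) < 5 or value[0] != 1:   # GET_UNSIGNED8(0).EQ(1) plus a length guard
        return None
    (signed,) = struct.unpack_from(">i", value, 1)   # GET_SIGNED32(1, BIG_ENDIAN)
    # TYPECAST_IP_ADDRESS_AT: reinterpret the same 32 bits as an IPv4 address.
    return str(ipaddress.IPv4Address(signed & 0xFFFFFFFF))


# Constructed sample: NOP, NOP, option 28 (len 7, version 1, 203.0.113.9), MSS option.
SAMPLE = bytes([1, 1, 0x1C, 7, 1, 203, 0, 113, 9, 2, 4, 0x05, 0xB4])

if __name__ == "__main__":
    print("X-Forwarded-For:", client_ip_from_option28(SAMPLE))
```

The sample address has its high bit set, so the signed 32-bit read is negative; the mask shows why the typecast step is needed to get the dotted form back.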

There are certainly many other examples of complex tasks done in such a simple manner by the policy framework and the related infrastructure in NetScaler.
