I am trying to generate geo location stats in WSO2 V3.0 but I am unable to get x-forwarded-for value in the backed API and I have used the following below code
<property name=x-forwarded-for expression=get-property('axis2','REMOTE_ADDR') scope=transport/>
I am accessing the application like http://IP:port/login and in this case i should get my IP in the backend API but i am always getting localhost IP which is 127.0.0.1.
Related
I'm trying to implement a double HA solution with WSO2AM and WSO2IS as KeyManager.
Actually I have 2 nodes, WSO2AM and WSOIS-KM is installed on each one and works perfectly. Both nodes access and write on the same database.
The issues stars when I try to acces to an application registered on store, from the other node that it was created.
I installed WSO2AM 2.6.0 and IS-KM 5.7.0 on centos environment. Both AM and IS-KS runs on the same node with por offset. I have 2 nodes configured like that.
Example of the issue:
From node 1 I access to store of node 1 and create a new app. I generate the tokens and keys without any issues. After that, I access to the store of node 2, I saw the same application, but when I try to access and view tokens it throw an exception like the OAuth token does not exists or something like that ( I forget to take a proof of that).
I understand that I have to make WSO2AM in HA but I'm not quite sure if I have to deploy WSO2IS as HA and after that convert to KM or what exactly I have to do.
Basically I want to have both roles in HA and both Stores access the same apps with the sames tokens regardless of the node that is sending the request.
You can configure both API Manager nodes (node01 & node02) with IS as Key Manager to achieve your use case.
If you are using only one IS Key manager instance and two API Manager nodes, then it is required to front both the API Manager nodes with a load balancer (HA deployment with sticky sessions enabled & datasources are shared among all the nodes) and configure the API Manager as follows
API Manager Nodes: api-manager.xml (assumption IS-KM port offset 1, therefore 9444)
<AuthManager>
<!-- Server URL of the Authentication service -->
<ServerURL>https://localhost:9444/services/</ServerURL>
...
</AuthManager>
...
<APIKeyValidator>
<!-- Server URL of the API key manager -->
<ServerURL>https://localhost:9444/services/</ServerURL>
...
</APIKeyValidator>
IS Key Manager Node: api-manager.xml
<APIGateway>
<Environments>
<Environment type="hybrid" api-console="true">
...
<!-- Server URL of the API gateway -->
<ServerURL>https://loadbalancer/services/</ServerURL>
...
</APIGateway>
Sample NGINX
upstream mgtnode {
server localhost:9443; # api manager node 01
server localhost:9443; # api manager node 02
}
server {
listen 443;
server_name mgtgw.am.wso2.com;
proxy_set_header X-Forwarded-Port 443;
...
location / {
...
proxy_pass https://mgtnode;
}
}
I try to manage Apache Atlas APIs using WSO2 API Manager, when trying a get request like this for example :
http://{address_IP:port}/atlas/2.0.0-SNAPSHOT/v2/entity/bulk
Postman gives
101503 error connecting to the backend
I just figured out that the production endpoint does not allow Http request.
What shall I do to fix that?
We have our API being managed by WS02 API manager, but there seems to be some issue with the way it constructs the outgoing request into the configured endpoint URL. We see this sort of error from our endpoint when we make a request to the API manager:
Cannot bind to address "http://<HOST>:<PORT>http://<HOST>:<PORT>/<RESOURCE>
The URL is clearly incorrect as it is prepending the host part of the URL twice. We've put a debugging proxy in between the API manager and our endpoint and it shows the outgoing request looks like this:
GET http://<HOST>:<PORT>/<RESOURCE> HTTP/1.1
...
Host: <HOST>:<PORT>
It isn't normal for the host to be included in the first line; that should come from the "Host" header. But as it is, it makes sense we are getting the above error. Note, when we proxy this through something like Nginx, it works fine, but the server we are actually using for our endpoint doesn't like it. I'm guessing Nginx has been written in such a way so that it can resolve this kind of (technically incorrect) request.
We are adding propery 'POST_TO_URI' to our synapse API configuration in order to make the outgoing URL a complete URL [1]. This is useful when sending the messages through a proxy server. You can remove that property by modifying your API in AM_HOME/repository/deployment/server/synapse-configs/default/api/ directory. Remove the below property in your relevant APIs which sending requests to such backend servers.
<property name="POST_TO_URI" value="true" scope="axis2"/>
[1]https://docs.wso2.org/display/ESB460/HTTP+Transport+Properties
I developed a grails app that recognizes the visitors country by using request.remoteAddr. I pushed the app to cloudfoundry and it works well but all the values for remoteAddr are all internal for cloudfoundry like 172.30.49.25 so my app doesn't recognize any country. I tried this address in http://www.ip2location.com/demo - same result.
So the question is: how can I get the actual IP address of the user in the Grails or Java application deployed in CloudFoudry?
You should be able to get this data from the X-Cluster-Client-IP or X-Forwarded-For HTTP request headers.
Something like:
request.getHeader("X-Cluster-Client-IP")
I want to read client's IP address in Django. When I try to do so now with the HTTP_X_FORWARDED_FOR Header, it fails. The key is not present.
Apparently this is related to configuring my Apache server (I'm deploying with apache and mod_wsgi). I have to configure it as a reverse proxy? How do I do that, are there security implications?
Thanks,
Brendan
Usually these headers are available in request.META. So you might try request.META['HTTP_X_FORWARDED_FOR'].
Are you using Apache as a reverse proxy as well? This doesn't seem right to me. Usually one uses a lighter weight static server like nginx as the reverse proxy to Apache running the app server. Nginx can send any headers you like using the proxy_set_header config entry.
I'm not familiar with mod_wsgi, but usually the client IP address is available in the REMOTE_ADDR environment variable.
If the client is accessing the website through a proxy, or if your setup includes a reverse proxy, the proxy address will be in the REMOTE_ADDR variable instead, and the proxy may copy the original client IP in HTTP_X_FORWARDED_FOR (depending on it's configuration).
If you have a request object, you can access these environment variables like this :
request.environ.get('REMOTE_ADDR')
request.environ.get('HTTP_X_FORWARDED_FOR')
There should be no need to change your Apache configuration or configure a reverse proxy just to get the client's IP address.