Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

APM server behind a proxy

See original GitHub issue

I think this would be a common usecase, where the APM server is behind a proxy (in my case, Cloudflare). In which case, user IP is unavailable and we have to rely on custom headers; is there any provision of setting a custom header to be considered as user IP at the APM server or make the RUM agent set a custom header? In case of Cloudflare, they set the real user IP in the header ‘True-Client-IP’.

Edit: It’d be nice if we could it set it during client init as well. e.g.

initApm({
	environment: window.location.hostname,
	serviceName: 'my-app',
	serverUrl: 'https://apm.example.com',
	serviceVersion: getAppVersion() || 'v0.0.0',
	distributedTracing: true,
	distributedTracingOrigins: [
		'https://api.example.com'
	],
	XFFHeader: {
		key: 'X-Forwarded-For',
		value: '127.0.0.1'
	}
})

ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For

In this case, if the value is provided, then it shall be set as value in request header. The APM server should be configurable or should understand that it should pickup user IP from this header.

Issue Analytics

State:
Created 3 years ago
Comments:8 (5 by maintainers)

Top GitHub Comments

2reactions

axwcommented, Nov 17, 2020

@bnkamalesh OK, thanks for the additional context.

Given that we already support Forwarded, X-Forwarded-For, and X-Real-IP, I think folks are pretty well covered at the moment.

Unless there is a clear need, I would prefer not to add another option. If it turns out there is a need to handle True-Client-IP (or other headers) instead of one of the other more common headers mentioned above, I’d be happy to learn more and consider adding an option.

0reactions

axwcommented, Nov 18, 2020

Ok this might sound silly, but if all 3 are set. I presume it’d pick 1 based on some precedence, right?

Not at all silly!

Indeed, the server will pick the first of Forwarded, X-Real-IP, or X-Forwarded-For in that order. See also: https://github.com/elastic/apm-server/blob/b3759fcc5cbdfb316634eeb81e43274c5fc9354e/utility/remoteaddr.go#L32-L45

Top Results From Across the Web

Configuring agents to communicate through a forward proxy

When a forward proxy is used, the agent first opens a TCP connection with the proxy. The agent sends an HTTP CONNECT request...

Anonymous auth configuration options | APM User Guide ...

Using a proxy allows you to clear any existing IP-forwarding HTTP headers, and replace them with one set by the proxy. This prevents...

Manual Chapter: Forward Proxy Chaining with APM - AskF5

In a forward proxy chain, Access Policy Manager (APM®) selects the next hop proxy server, and interacts with it and resource servers behind...

Proxy support #782 - elastic/apm-agent-dotnet - GitHub

My employer has a proxy that outbound traffic is routed through. Unfortunately, the .NET agent doesn't seem to support proxy credentials ...

https://raw.githubusercontent.com/elastic/apm-serv...

#hosts: # - http://remote-apm-server:8200 # Remote apm-servers' ... Contents of the header # Proxy server url #proxy_url: http://proxy:3128 # The number of ...