Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`Sentry.Tunnel` doesn't include `X-Forwarded-To`

See original GitHub issue

Summary

A high level overview of why we supply tunnelling in Sentry is described in NextJS: Using the tunnel option.

I’m assuming we’re doing something similar in our .NET backend… so to prevent ad blockers etc. getting in the way of sending data to Sentry, your Angular front end is sending these to your back end (which is sitting on host that’s allowed by the CORS policy) and the back end then forwards those events to Sentry on behalf of the Angular SPA?

Assuming I’ve followed along so far, our tunnelling logic then needs to get the user’s IP address (i.e. the ip:port of the machine calling the tunnelling endpoint) and use this value to set the X-Forwarded-For header when forwarding requests.

References

Similar to what’s discussed here: https://forum.sentry.io/t/real-client-ip-with-sentry-nextjs-tunnel/15438/2

Issue Analytics

State:
Created 2 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

1reaction

bruno-garciacommented, Aug 11, 2023

@bruno-garcia I’m wondering how best to reproduce this. I figured I’d try to get Nuget Trends running locally. This seems to require a Postgres DB but the latest dump isn’t available at contrib.nugettrends.com/nuget-trends-contrib.dump (I get a connection timed out from cloudflare for that URL).

Yeah sorry, tracked here: https://github.com/dotnet/nuget-trends/issues/207 DBs are generatad but not getting served, I’ll look at it

btw: I can’t see anything in the history for SentryTunnelMiddleware.cs that would have caused a regression.

I think this never worked, it’s not regressed. What changed was NuGet Trends using tunneling.

0reactions

bruno-garciacommented, Aug 11, 2023

https://github.com/getsentry/sentry-dotnet/blob/d4dda091cd4bc957d2b5f582fd3b3e83f9b157ab/src/Sentry.AspNetCore/SentryTunnelMiddleware.cs#L89-L93

This is using the client’s connection IP and setting that as X-Forwarded-For. But it’s not taking into account if that connection is already a proxy (I use Cloudflare), that itself includes X-Forwarded-For.

context.Connection?.RemoteIpAddress?.ToString(); might take that into account if the app has but there’s some considerations:

Forwarded Headers Middleware default settings can be configured. For the default settings:

There is only one proxy between the app and the source of the requests.

Got this from: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0

Top Results From Across the Web

Real Client IP with @sentry/nextjs tunnel? - SDKs

The resulting X-Forwarded-For header I'm sending contains the real client IP in the first position. However, that doesn't seem to change its ...

Configuring Standalone Sentry for AppTunnel

Enter the port that MobileIron Core will use to access the Standalone Sentry. The default is 9090. Enable AppTunnel. In the Standalone Sentry...

Envelopes | Sentry Developer Documentation

This document defines the Envelope and Item formats used by Sentry for data ingestion, forwarding, and offline storage. The target audience of this...

Request header field Access-Control-Allow-Headers is not ...

I have come across CORS issues multiple times and can usually fix it but I want to really understand by seeing this from...

Access Control - Cisco Meraki

Systems Manager Sentry enrollment requires that the connecting device be enrolled within one of the Organization's System Manager networks ...