I need to whitelist the IP of my consuming application.
I’m not able to see my client IP in the incoming X-Forwarded-For request header. The only IPs I see are my Apigee architecture component IPs.
As per Apigee docs:
The Access Control policy evaluates the IP addresses in the X-Forwarded-For HTTP header. Edge automatically populates that header with the IP address it received from the last external TCP handshake (such as the client IP or router). If there are multiple IP addresses in the header, the trusted, auto-populated IP is the last one listed.
This is clearly not happening. I have enabled the property feature.enableMultipleXForwardCheckForACL as well. This setting also didn’t work.
Is there any other way to do this apart from relying on this header alone, as my consumer cannot implement MASSL?
@Arunava Paul I am guessing this is on-premises. If you have a load balancer sitting in front of the routers, please check if your load balancer is configured with HTTP or TCP passthrough mode. If you have a load balancer with TCP passthrough mode, you would not see the client IP; instead you would see the internal IP of your load balancer. Is that how your setup is configured?
I checked with my server team. They confirmed the load balancer is in SSL offload mode and it can’t be changed as of now. Any alternatives to see the client IP in the Apigee environment?
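
Added example, not part of the thread and not Apigee's own code: a sketch of an allowlist check that walks X-Forwarded-For from right to left and skips the hops you operate yourself (load balancer, routers), so the address evaluated is the nearest one observed from outside rather than the last entry in the header. It assumes the load balancer appends the peer address it saw to X-Forwarded-For; the function names, the trusted proxy range and the allowlist entries are hypothetical, and only IPv4 is handled.

```javascript
// Convert dotted-quad IPv4 to an unsigned 32-bit number, or null if invalid.
function ipv4ToInt(ip) {
  const parts = ip.trim().split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True if ip falls inside cidr (for example "10.20.0.0/24").
function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  const ipN = ipv4ToInt(ip), baseN = ipv4ToInt(base);
  if (ipN === null || baseN === null) return false;
  const size = Math.pow(2, 32 - bits); // number of addresses in the block
  return Math.floor(ipN / size) === Math.floor(baseN / size);
}

// Walk X-Forwarded-For right to left, skipping hops we operate ourselves.
// The first address that is not ours is the nearest externally observed peer.
// Returns null if an entry is malformed or the header holds only our own hops.
function clientIpFromXff(xff, trustedProxies) {
  const hops = (xff || '').split(',').map(s => s.trim()).filter(Boolean);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (ipv4ToInt(hops[i]) === null) return null; // fail closed on junk
    if (!trustedProxies.some(c => inCidr(hops[i], c))) return hops[i];
  }
  return null;
}

// Allow only when the derived client address is on the allowlist.
function isAllowed(xff, trustedProxies, allowlist) {
  const ip = clientIpFromXff(xff, trustedProxies);
  return ip !== null && allowlist.some(c => inCidr(ip, c));
}

// Constructed sample values (documentation address ranges).
const TRUSTED = ['10.20.0.0/24'];     // assumed LB and router subnet
const ALLOW = ['203.0.113.10/32'];    // assumed consumer address
```

A header that contains only internal hops, which is the situation described in the question, yields null and is denied; entries to the left of the first untrusted hop are client-supplied and are never consulted.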