Collecting User IP Addresses

If you use the client's IP address for things like Geo targeting or fraud detection you need to make sure that your system receives the actual end user's IP address (as compared with the CDN or any other proxy IP address).  

If you are not already doing so, making sure your site is serving the correct content based on the actual client IP address is quite simple and requires no code changes.

There are a number of ways to receive the actual client IP address.   Below is how you can do it on IIS7 without changing any code.

How to get the client IP address in IIS7

See some community commentary at http://forums.iis.net/t/1161084.aspx/1

  1. Check if you have the URL Rewrite module installed.  If it is installed you will have a URL Rewrite icon in IIS when you select your site. If you do not have this installed already, navigate to this page on your server and click the "Install this extension" button, or run the Microsoft Web Platform Installer and find the URL Rewrite module in there.
  2. Allow the REMOTE_ADDR header to be overwritten. In IIS, select your site then double-click on IIS Rewrite. Click the 'View Server Variables' link in the right sidebar.  Click the 'Add...' link in the right sidebar.  Enter REMOTE_ADDRand click 'OK'.  Click 'Back to rules' in the right sidebar. 
  3. Add the rewrite rule to update the remote address. Open the root web.config of your site. Under <system.webServer> find if there is a <rewrite> section. If there is a <rewrite> section, add this under the <rules> sub-section:
    <rule name="Replace REMOTE_ADDR with X_Forwarded_For" enabled="true">
      <match url="(.*)" />
      <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
      <add input="{HTTP_X_Forwarded_For}" pattern="\b((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))\b" />
      </conditions>
      <serverVariables>
        <set name="REMOTE_ADDR" value="{C:0}" />
      </serverVariables>
      <action type="None" />
    </rule>
    <rule name="DefaultDocRewrite" stopProcessing="true">
      <match url=".*" />
      <conditions logicalGrouping="MatchAny">
        <add input="{URL}" pattern="^/$" />
        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" />
      </conditions>
      <action type="Rewrite" url="{R:0}/Default.aspx" />
    </rule>

How this works

The Request.UserHostAddress will be updated to the client's actual IP address by the IIS Rewrite Module. If the value of the X-Forwarded-For header is an IP address it will replace the REMOTE_ADDR server variable with the X-Forwarded-For value, which .NET uses as the Requst.UserHostAddress. There is a known conflict with the URL Rewrite module and the Default Document module, discussed here. The second rule duplicates the behaviour of the Default Document module and preserves the work of rewriting the REMOTE_ADDR server variable.

Testing

It's easy to test to see if you are getting the right IP address.

Using Chrome, install the Change HTTP Request Header plugin: https://chrome.google.com/webstore/detail/change-http-request-heade/ppmibgfeefcglejjlpeihfdimbkfbbnm?hl=en

Using this plugin you can quickly type different IP addresses into the X-Forwarded-For header to simulate users from different locations.

Here are some IP addresses to can use:

Country/Region IP Address
Australia

117.53.165.251

United Kingdom

83.138.148.194

United States

96.255.249.1 

Have more questions? Submit a request

Comments

Powered by Zendesk