Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When running on App Service the wrong client IP is reported #1805

Closed
derkoe opened this issue Jul 21, 2021 · 4 comments · Fixed by #1810
Closed

When running on App Service the wrong client IP is reported #1805

derkoe opened this issue Jul 21, 2021 · 4 comments · Fixed by #1810
Labels
Status: Fixed
Milestone
3.2.0-BETA.2

Comments

@derkoe
Copy link

derkoe commented Jul 21, 2021

Expected behavior

We are using the App Insights Java agent on App Service and have IP masking turned off. The expected behavior is that "request" logs should include the correct client IP in the field client_IP.

Actual behavior

The field client_IP is filled with one of the outbound IP addresses of the app service.

To Reproduce

Steps to reproduce the behavior:

Sample Application

https://github.com/derkoe/snoop

System information

Please provide the following information:

  • SDK Version: alr_java:3.0.4-BETA (auto injected by App Service, also tried manually with 3.1.1
  • OS type and version: Linux
  • Application Server type and version (if applicable): App Service, Spring Boot
  • Using spring-boot? Yes
  • Additional relevant libraries (with version, if applicable): -

Logs

applicationinsights.log
applicationinsights-extension.log

Screenshots

Bildschirmfoto 2021-07-21 um 21 46 20

Additional Info

We are also running apps on Kubernetes with nginx-ingress where we get the correct address in client_IP
@ghost ghost added the Needs: Triage 🔍 label Jul 21, 2021
@derkoe
Copy link
Author

derkoe commented Jul 21, 2021

It seems that the problem is with the "X-Forwarded-For" header. Azure App Service send the port and the IP address in this header - other load balancers and proxies only the IP address.

  • Azure App Service: X-Forwarded-For: 183.13.21.23:56155
  • NGINX/HAProxy: X-Forwarded-For: 183.13.21.23

The agent (or App Insights itself) cannot parse the IP:Port combination and uses the App Service IP in the logs as a fallback.

When I add a X-Forwarded-For to the request to the app service this IP shows up in the logs:

curl -H "X-Forwarded-For: 1.2.3.4" https://poi-snoop.azurewebsites.net/

Bildschirmfoto 2021-07-21 um 22 03 22

@trask
Copy link
Member

trask commented Jul 22, 2021

@derkoe great finding! we'll target this for the next release

@trask trask added this to the 3.2.0-BETA.2 milestone Jul 22, 2021
@trask
Copy link
Member

trask commented Jul 22, 2021

Submitted fix upstream, will pull in here shortly open-telemetry/opentelemetry-java-instrumentation#3651

@trask trask mentioned this issue Jul 23, 2021
Merged
@ghost ghost added the Status: Fixed label Jul 23, 2021
@trask
Copy link
Member

trask commented Aug 4, 2021

this should be resolved now in 3.2.0-BETA.2

@ghost ghost locked as resolved and limited conversation to collaborators Sep 4, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Status: Fixed
Projects
None yet
Milestone
3.2.0-BETA.2
Development

Successfully merging a pull request may close this issue.

Bump submodule microsoft/ApplicationInsights-Java
2 participants
@derkoe @trask