Open Closed

ABP Audit Log capturing wrong IP address of client #9003


User avatar
0
Bryan-EDV created

I've already seen this ticket: https://abp.io/support/questions/7304/Ip-address-in-audit-logs-not-client%27s-ip-address

I've confirmed X-Forwarded-For is correct

I've done the following code changes In EduverseHttpApiHostModule in OnApplicationInitialization

In EduverseHttpApiHostModule in ConfigureServices

Audit logs still showing wrong IP address


11 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    You may need to configure your web server. Can you explain how your project is deployed?

  • User Avatar
    0
    Bryan-EDV created

    we have deployed the FE stack on Cloudfront + s3. This connects via Application Load balancer to backend stack which is on Elastic Container Service.

    Note that in the example I gave, I called the endpoint from the Swagger UI.

    Also the X-Forwarded-For header showing a valid IP address is the exact same request which was logged by Audit Log (which recorded a loopback IP address). I would assume that the IP address would be taken from that X-Forwarded-For header.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    This connects via Application Load balancer to backend stack which is on Elastic Container Service.

    Hi,

    In addition to configuring the ASPNETCore application, you need to configure the web server(load balancer)

    See

    • https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-9.0
    • https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-proxy-protocol.html
  • User Avatar
    0
    Bryan-EDV created

    the ALB is already configured to set X-Forwarded-For header as the client's source IP address. That is why the X-Forwarded-For header is showing the correct IP as shown:

    What further configuration is needed?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Could you share your EduverseHttpApiHostModule code? thanks.

  • User Avatar
    0
    Bryan-EDV created

    Sure, will share the code privately via email

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    My email is shiwei.liang@volosoft.com

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I checked your code, you put the forward headers middleware at the end of the pipeline. that's why it's not working.

    You can try moving it under UseCookiePolicy

    See the document https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-9.0#forwarded-headers-middleware-order

  • User Avatar
    0
    Bryan-EDV created

    great catch, it works now. thank you.

    on a separate note, I would like to unlock a ticket to add more comments: https://abp.io/support/questions/8778/Language-Text-changes-to-be-platform-wide

    are you able to help me with that?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    okay, unlocked.

  • User Avatar
    0
    Bryan-EDV created

    greatly appreciated, i think we can close this ticket, many thanks

Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
Do you need assistance from an ABP expert?
Schedule a Meeting
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v9.3.0-preview. Updated on April 16, 2025, 12:13