Question
Digital FastForward
US
Last activity: 30 May 2017 15:47 EDT
No IP Address on Requestor Page
We are trying to record the requestors ip address when providing invalid login credentials in custom authentication process however the values are not present in the expected location of pxReqRemoteAddr or pxReqRemoteHost on the pxRequestor page.
***Updated by moderator: Lochan to add SR details***
Digital FastForward
US
Pegasystems Inc.
US
If a user is accessing through a load balancer or a proxy server, those properties you mentioned are expected to be empty: https://community.pega.com/support/support-articles/pxreqremoteaddr-property-null-when-login-using-proxy-server. Can you check the following two properties - also indicate your pega version and how your environment is configured if users are accessing pega instance through a proxy.
pxReqServer and pxReqServerPort
Digital FastForward
US
We are in 7.2 and the instance is hosted on Pega cloud. Currently I am testing this with direct access to the single node dev environment but once in prod we will be using a load balancer. pxReqServer=Apache Tomcat/7.0.73 and pxReqServerPort=443. So as it seems this is working as expected, do we have another way to collect that information for audit purposes?
Pegasystems Inc.
US
On Cloud, you should be able to view the client IP in the x-forwarded-for header even behind proxies but this requires some custom activity code.
You can grab the header in your Code-Security login activity as defined in your Data-Admin-AuthService. Use a property set step where the properties value is:
@java("((javax.servlet.http.HttpServletRequest)tools.getRequestor().getRequestorPage().getObject(\"pxHTTPServletRequest\")).getHeader(\"x-forwarded\")")
If you want to output to the logfile all the HTTP headers you are getting in the incoming request for debug purposes, use the following in a Java step:
On Cloud, you should be able to view the client IP in the x-forwarded-for header even behind proxies but this requires some custom activity code.
You can grab the header in your Code-Security login activity as defined in your Data-Admin-AuthService. Use a property set step where the properties value is:
@java("((javax.servlet.http.HttpServletRequest)tools.getRequestor().getRequestorPage().getObject(\"pxHTTPServletRequest\")).getHeader(\"x-forwarded\")")
If you want to output to the logfile all the HTTP headers you are getting in the incoming request for debug purposes, use the following in a Java step:
javax.servlet.http.HttpServletRequest request =
(javax.servlet.http.HttpServletRequest)tools.getRequestor().getRequestorPage().getObject("pxHTTPServletRequest");
//debug
//java.util.Enumeration e = request.getHeaderNames();
//String header = null;
//while (e.hasMoreElements()) {
// header = (String) e.nextElement();
// oLog.infoForced(header + ": " + request.getHeader(header));
// }
Remember to comment this Java step or comment the debug code after you are done with it.
Pegasystems Inc.
US
Thanks David for the detailed instruction. Micah, I saw you opened an SR-B50382. Would David's response sufficient for you? I think so but would like to confirm.
Pegasystems Inc.
GB
As per Kevin's post above:
If you are going to be using a Load Balancer (which is ,amongst other things: a Reverse Proxy); then (at least in all cases of Load Balancer implementations I have seen) the App Server won't be aware of the external IP address of the incoming request; it will see all traffic originating from the Load Balancer.
Do you know if your Load Balancer is able to 'inject' arbitary cookies/HTTP-Headers ? (if it is Apache 'modproxy' for instance : then it can) - you could consider recording the original IP address this in a HTTP header in this way. (say as a cookie 'original-ip-address:xx.xx.xx.xx').
Then on the PRPC side - you *should* (perhaps with a little customisation - I'm not actually 100% sure actually how you would do this) be able to check for the HTTP cookies/Headers and record your audit trail that way ?
Pegasystems Inc.
US
Upon reviewing the associated SR, it has been closed as this is no longer a requirement for you. I'll be closing this to future comments. If you still need assistance or another user has the same question, please open a new post.
Is there somewhere else to retrieve this information? Is there a setting that is causing the values to not be populated?