X-Forwarded-For not working in SaaS
#2450
Comments
|
This was an attempt to emulate a tunnel setup, as discussed here: getsentry/sentry-javascript#5798 (reply in thread) |
|
@beezz could we get some help on this one, please? I vaguely remember that we do not pass this header through for a reason, but I cannot find documentation on that. Note: We need to apply the same policy to |
jan-auer
added
question
|
Synced offline - created an OPs ticket here for the SRE folks to investigate further. https://getsentry.atlassian.net/browse/OPS-3823 |
|
We'll track this in the OPS ticket above. |
|
@iker-barriocanal sorry, can you keep this open until your internal tracker resolves the issue? I am unable to subscribe to notifications on your internal tracker, and it appears this is closed as resolved. |
|
Does that mean this hasn't been fixed yet? I was just about to test it out. |
|
Let's re-open - I'll take care of updating with the OPs tickets. |
|
Hey, thanks for your patience everyone. We've made the changes in our SaaS infrastructure to now support We've also added support for using a proprietary header |
|
Hello, sorry for bringing back an old issue, but I am having trouble with getting real user IP to save in my tunneled Sentry errors/messages while using Cloudflare as a proxy for my NextJS application. The problem is that Cloudflare replaces the "X-Forwarded-For" header with its own server IP and the real user IP is under "CF-Connecting-IP" header. I have tried using a middleware for my Sentry tunnel endpoint to replace the request's and response's "X-Forwarded-For" and "X-Vercel-Forwarder-For" as well as "X-Sentry-Forwarded-For" with the value of real user IP, however Sentry still keeps storing the cloudflare IP instead. Would it be possible to add this "CF-Connecting-IP" as a priority header so that Sentry can automatically grab its value instead of the others if it exists? I will keep trying to replace it somehow in the middleware in the meantime, but it would be much easier if Sentry did it automatically. |
|
@szwabodev please open a new GH issue - we can take a look! |
|
@szwabodev have u opened a GH issue? could u please share the link? Im also experiencing proxy IP instead of client IP in sentry |
Hey, yes it was reported here: #3493 Looks like it should be handled already, but I just checked 2 of my latest errors from 7.113.0 SDK version and it still has cloudflare IP in user context instead of real one. I will comment on the linked issue about it. |
|
This still looks the same. |
|
@reyoucat A lot has changed since we made this fix, there could be a different root cause here. Could you open a new GitHub issue in the Sentry repo that describes your setup and why the forwarded for header is not working? https://github.com/getsentry/sentry. |
Steps to reproduce:
Sending the following in my local dev environment:
curl -v http://localhost:8000/api/2/envelope/ \ -H X-forwarded-for:4.4.4.4 \ --data-binary '{"dsn":"$SENTRY_DSN"}\n{"type": "event"}\n{"user": {"ip_address": "{{auto}}"}}'Results in
However, the same does not work for SaaS (ignores the
X-Forwarded-Forheader):curl -v https://o123.ingest.sentry.io/api/2/envelope/ \ -H X-forwarded-for:4.4.4.4 \ --data-binary '{"dsn":"$SENTRY_DSN"}\n{"type": "event"}\n{"user": {"ip_address": "{{auto}}"}}'The text was updated successfully, but these errors were encountered: