IP address detection methods
IP address detection methods are the techniques used to identify the source Internet Protocol (IP) address of a client or user agent, typically within the context of web servers or application security.^[400-devops__02-OS-and-Linux-Basics__ssl__certificate__curl_(60)_SSL_certificate_problem.md]
Context
The necessity of detecting an IP address often arises during security investigations, such as when analyzing logs to find the "offender" behind malicious activity.^[400-devops__02-OS-and-Linux-Basics__ssl__certificate__curl_(60)_SSL_certificate_problem.md] It is also relevant when configuring web server software, such as [[Nginx]], where variables must be correctly mapped to security rules.^[400-devops__02-OS-and-Linux-Basics__ssl__certificate__curl_(60)_SSL_certificate_problem.md]
Detection Logic
Common detection logic involves prioritizing specific HTTP headers over the direct remote address.^[400-devops__02-OS-and-Linux-Basics__ssl__certificate__curl_(60)_SSL_certificate_problem.md]
- X-Forwarded-For ($http_x_forwarded_for): This header is checked first.^[400-devops__02-OS-and-Linux-Basics__ssl__certificate__curl_(60)_SSL_certificate_problem.md]
- CF-Connecting-IP: If the X-Forwarded-For header is not present, the system checks this header.^[400-devops__02-OS-and-Linux-Basics__ssl__certificate__curl_(60)_SSL_certificate_problem.md]
- Remote Address ($remote_addr): If neither of the above headers contains a value, the system defaults to the direct connection remote address.^[400-devops__02-OS-and-Linux-Basics__ssl__certificate__curl_(60)_SSL_certificate_problem.md]
In web server configurations like Nginx, this logic is often implemented using the map directive to set a variable (e.g., $real_ip) based on the availability of these headers.^[400-devops__02-OS-and-Linux-Basics__ssl__certificate__curl_(60)_SSL_certificate_problem.md]
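The header order above written as chained Nginx map blocks, as an added example that is not taken from the cited source. It also adds a guard that honours the headers only when the connecting peer is a known proxy, because a directly connecting client can set both headers to any value. Every variable name except $real_ip, the address 192.0.2.10 and the log format name are assumptions.

```nginx
# All blocks belong in the http {} context.

# 1 when the TCP peer is one of our own proxies, 0 otherwise.
geo $peer_is_trusted_proxy {
    default        0;
    192.0.2.10/32  1;   # constructed placeholder: your load balancer / CDN egress range
}

# Second choice: CF-Connecting-IP, else the direct connection address.
map $http_cf_connecting_ip $cf_or_remote {
    ""       $remote_addr;
    default  $http_cf_connecting_ip;
}

# First choice: X-Forwarded-For, else fall through to the map above.
# The header may hold a comma-separated list; it is copied unchanged here.
map $http_x_forwarded_for $ip_from_headers {
    ""       $cf_or_remote;
    default  $http_x_forwarded_for;
}

# Guard: use the header-derived value only for requests that arrived
# through a trusted proxy; everyone else is identified by $remote_addr.
map $peer_is_trusted_proxy $real_ip {
    1        $ip_from_headers;
    default  $remote_addr;
}

# Log both values so an investigation can compare the claimed address
# with the address that actually opened the connection.
log_format realip '$remote_addr real_ip="$real_ip" '
                  'xff="$http_x_forwarded_for" "$request" $status';
access_log /var/log/nginx/access.log realip;
```

Without the final map, $ip_from_headers would be used for every request, which is the unguarded form of the logic described above.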
Related Concepts
- [[Load Balancing]]
- [[X-Forwarded-For]]