i am using nodejs and express to build a restful webservice with no DB behind, but communicate with diffrent remote restful webservices, and i encountered the following problem,
My server located on US, but i have users from all around the world,
One of my remotes restful services that i am working with, does not support geo querying (not even by ip), and he asked me to do forwarding tcp request to his api, so he'll recogize users geo on his side.
I am using hyper-request as my module for sending request, but relavnet solution with any other module will be helpful. Thanks.
If you want your other remote services to lookup the Geographic data of the IP you will need to proxy the requests with an extra X-Forwarded-For HTTP Header, and they will have to whitelist your server's IP as a trustworthy proxy.
But you cannot spoof your source IP so that it matches your original user's.
Related
I have read many similar questions and found numerous articles elsewhere but I'm still unsure how to solve this.
What I'm trying to achieve:
Set my node app on AWS EC2 up to be able to communicate on HTTPS for free or at the lowest cost possible, while still being production ready.
What I have done:
Added inbound rules on my EC2 instance to accepts all traffic
on HTTP and HTTPS and additionally added a rule for HTTPS on PORT 443
specifically.
Set my node app to listen on port 443.
Most articles I have read recommend setting up a reverse proxy server using NGINX and a custom domain with an SSL certificate.
This leads me to the following questions:
Do I need a custom domain for my backend, for it to communicate on HTTPS?
If yes, can I use my Firebase free domain or a subdomain of it? E.g. https://myapp.firebaseapp.com/ or https://api.myapp.firebaseapp.com/
If yes and no, and I buy a custom domain, can I use mydomain.com for my frontend and api.mydomain.com for my backend - can this be done using the same SSL certificate?
Do I need a reverse proxy server?
I am using the Azure Standard Load Balancer (client -> external lb => firewall => internal lb => server), when my api request gets to the server I need to be able to identify the originating clients ip address.
I have tried to use X-Forwarded-By and some other request headers but it looks like they're either not supported or have been stripped.
I have not been able to find any documentation online pertaining to the issue - does anyone know how I can access the client ip address?
Thanks
It sounds like you are using the LB for a HTTP backend. Thus, its important to understand what LB does - and what not. There are many good articles out there if you search of "azure load balancer vs application gateway". Here is one example which sums it up well:
The Load Balancer is a TCP/UDP load balancing and port forwarding
engine only. It does not terminate, respond, or otherwise interact
with the traffic. It simply routes traffic based on source IP address
and port, to a destination IP address and port.
Thus, it does not add anything to your HTTP headers etc.
So, LB is more like a router than a proxy. If you want the latter, I suggest you look at Azure Application Gateway. This, btw, can include Web Application Firewall. So you might be able to reduce three components into one.
I need to fetch data from external API, which has white-listed IP requirement i.e. API will respond only to white-listed IPs
I have multiple servers in AWS Autoscaling group that needs to fetch data from this external API. I intend to route these request via servers running on white-listed IP (AWS Elastic IPs).
I am trying to use socat:
socat -v TCP-LISTEN:80,reuseaddr,fork,su=nobody TCP:api.external-service.com:80. But getting Invalid URL error.
Is socat the right way to solve this problem? if so then how do I fix this issue?
You could set up a Squid proxy server on the machine with the white-listed IP and route all requests through the proxy.
http://www.squid-cache.org/
I'd like to implement NAT Punchthrough as part of a client application to allow clients to connect to each other when behind a router. I'm hoping to use Azure Mobile Services to accomplish this, but in order to do so, the server needs to save the ip address and port of all incoming connections in a database (so that other clients can lookup the host, and connect back to the client that posted the data).
Is there anyway to acquire this connection (ip address & port) information in the server side scripts? If not, what alternative services exist that'll let me setup an API like this?
Thanks!
I found got an answer on another thread over on the windows azure forums.
Headers are exposed through the mobile services custom api feature. Additionally, azure uses a forwarding machine to route incoming requests to the appropriate vm. This machine is a proxy which saves incoming connection information into the x-forwarded-for http header. Thus, from a custom script, we can query for incoming connection information from the headers. It should be noted that the x-forwarded-for header is supposed to include both the ip address and the port number.
Here's the custom api example given in the other thread.
exports.get = function(request, response) {
var ip = request.headers['x-forwarded-for'];
response.send(statusCodes.OK, ip);
};
The other thread is here: http://social.msdn.microsoft.com/Forums/windowsazure/en-US/a6aa306c-f117-4893-a50a-94418fafc1a9/client-ip-address-from-serverside-scripts-azure-mobile-services?forum=azuremobile&prof=required
For the minute this isn't available. The Azure team are working on increasing the amount of information about the request to the script. As to timescales of when this will be available I'm unsure.
I am trying to log DNS "leaks", in other words the DNS servers used by visitors to my web site.
How does one figure out which DNS server a web request came from to my server (i.e. the getting DNS leaks). This website dnsleaktest.com does it, it knows which DNS server I am coming from? How? It should only be able to know some stats about my browser, and maybe the HTTP referer. How does it know my DNS server?
What is being exploited, used? Or what is the traffic flow from my browser to this server, and where in that flow is dnsleaktest able to get this information?
That's not that easy.
What dnsleaks probably does - they have their own authoritative DNS server, javascript on their websites queries various randomly-generated subdomains of their domain, and on their DNS server they monitor where requests to those randomly-generated subdomains come from.
To do it, you need some domain hosted on your own DNS servers (not servers provided by your registrar or a hosting provider). You need to monitor queries to this server - can be done if you parse your DNS server logs or have your own DNS server software, or if your DNS server provides some API hooks to see the incoming requests. Then you write a script for your sites which queries various subdomains, and tells server-side script on your website which subdomain requests it should monitor. The server-side script in turn talks to the DNS server.
All the above is an unverified guess. I see no other way to do it.