Request check if is from local subnet

Hello,

flag LocalSubnet is set when using apache proxy. Haven’t tried without proxy.

  1. … is my cellphone ip, so it’s definitely not in local subnet :smile:

How do I check if request is made from local subnet properly?

Tomasz

If the Request was made by an internal proxy it was made from the Local Subnet, we can’t rely on the Custom Headers to determine this as they can be spoofed.

You can check if the RemoteIP is in the Local Subnet with:

var isLocal = HttpRequestExtensions.IsInLocalSubnet(IPAddress.Parse(req.RemoteIp));

I know it’s an old thread, but my question is related.

How servicestack resolves RemoteIp in reverse proxy scenario?

First case: we have reverse proxy set (on apache) in our docker environment and servicestack correctly detects RemoteIp.

Schematic: Client (RemoteIp) -> Docker Proxy (ProxyIp) -> ServiceStack

I have checked what is sent using Wireshark - request comes from ProxyIp, RemoteIp is in X_FORWARDED_FOR.
IRequest.RemoteIp == “RemoteIp”

Second case: Our client set up reverse proxy on nginx.

Schematic: Client (RemoteIp) -> NginxProxy (NginxIp) -> Docker Proxy (ProxyIp) -> ServiceStack
IRequest.RemoteIp == “NginxIp, RemoteIp”

I can’t find differences between our Apache2 and nginx behaviour. Both are reverse proxies, but I don’t have access to nginx configuration.

It seems that both Apache2 and nginx send X_… headers.

Is there trusted proxies configuration in servicestack?

Have a look at the source code for AspNetRequest for the different HTTP Headers ServiceStack looks at to determine the Remote IP.

If you need finer-grain control you can access ASP.NET’s HttpRequestBase directly with:

var aspReq = base.Request.OriginalRequest as HttpRequestBase;