- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2019 04:36 PM
I'm using a scripted rest API and in my script I would like to log the request source IP and possible perform source Ip address filtering (as the use case for this interface I do not want to enforce authentication), as well as other logic based on source IP address of the request.
Since I'm not enforcing authentication, I cannot use session:
gs.getSession().getClientIP().toString();
That does work in the script, but only for authenticated sessions. I really want to pull this from request object ideally, on a per-request basis versus per-session.
Any thoughts?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2019 08:35 PM
If I remember correctly it should be possible to grab the ip address with the "x-forwarded-for" header.
For example in your scripted REST script doing this: request.headers["x-forwarded-for"]
Log it by something like this: gs.log("IP address: " + request.headers["x-forwarded-for"], "HEADERS")
But if this is to replace authentication it may not be a good idea as headers can be spoofed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2019 08:35 PM
If I remember correctly it should be possible to grab the ip address with the "x-forwarded-for" header.
For example in your scripted REST script doing this: request.headers["x-forwarded-for"]
Log it by something like this: gs.log("IP address: " + request.headers["x-forwarded-for"], "HEADERS")
But if this is to replace authentication it may not be a good idea as headers can be spoofed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2019 08:23 AM
Thanks Chris! I updated my script to log IP using x-forwarded-for header (spoofable) and changed authentication to use an API key.
