Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Need remote address/IP from a scoped Scripted REST API

Brian Workman
Tera Contributor

Thursday

Hi there! I'm looking for a way to get the remote address/host in a scoped Scripted REST API that doesn't rely on spoofable headers or a global shim. This seems like it should be fairly easy to inspect, since a called host knows what's connecting to it. What part of the Scripted API system provides the ability to give that information:

Requirements:

1. Not a global script include shim
2. Not using request.headers['x-forwarded-for']
3. Not using GlideSession (since you need an authenticated session)

Ideas?
0 Helpfuls
  • 288 Views
2 REPLIES 2

Tanushree Maiti
Kilo Patron

Thursday

Hi @Brian Workman 

 

You can try with it:

gs.log("IP address: " + request.headers["x-forwarded-for"], "HEADERS");

 

OR

var reqHeader = request.headers;

var jsonObj = new JSON();

var headerStr = jsonObj.encode(reqHeader);

 

 

 

 

gs.log('headers'+headerStr);

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
0 Helpfuls

lauri457
Tera Sage

Thursday

What are you doing with the ip? If it's for whitelisting you could use rest api access policies.

 

Unauthenticated transactions will still have a jsessionid and will just use the guest user as a proxy. You can get the session id in a scoped script with gs.getSessionID(). With the sessionid it should be trivial to get the ip from the transaction log but the transaction is not logged before the transaction is finished. Maybe it's possible on the fly from somewhere else.

 

0 Helpfuls