Remote IP in Azure App Service served over HTTPS for a custom domain

0
votes

My goal is to have an Azure App Service, served from a custom domain over HTTPS. This app receives HTTPS POST requests and should log the remote IP in the process.

I usually get the remote IP address, the IP of the calling client, like this:

HttpRequest request = ...
var IP = request.HttpContext.Connection.RemoteIpAddress;

To have the app served over HTTPS for a custom domain I enabled an azure CDN endpoint.

Now the IP I record is for the CDN server not the calling client.

Is it possible to get the originating IP?

The requests in question are HTTPS POST so CDN caching shouldn't be an issue.

Does the Azure CDN add any headers that could contain such info?

Does adding an SSL cert directly to the App Service change anything?

2
sslazure-web-app-serviceazure-cdn

2 Answers

1
votes

By testing I've found that Azure CDN adds the X-Forwarded-For header with the client's real IP.

The only mention of this header I've found is in Azure CDN documentation mentioning the header as being reserved.

0
votes

This article describes how Azure CDN works, and we could know that user request a file via CDN, if the edge servers in the POP do not have the file in their cache, the edge server requests the file from the origin. The user request does not be sent directly from client user to the origin, so as you seen, it records the IP of the edge server instead of the calling client.