Preserve Client IP address in Azure API Management with Application Gateway scenario

Question

I have Azure Application Gateway and API Management configured in this setup https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway - Application Gateway is the public endpoint and only defined routes are passed through to API Management.

I want to use the ip-filter policy to restrict calls to certain IP addresses. However when calls are coming through Application Gateway, the original client IP address is lost or obfuscated to IP 0.0.0.0.

Is there a way to keep the original client IP address and pass it through from Application Gateway to API Management?

Alex S Alex S · Accepted Answer · 2019-11-18T19:00:00

You might find this article useful: https://docs.microsoft.com/en-us/azure/application-gateway/how-application-gateway-works#modifications-to-the-request

An application gateway inserts four additional headers to all requests before it forwards the requests to the backend. These headers are x-forwarded-for, x-forwarded-proto, x-forwarded-port, and x-original-host. The format for x-forwarded-for header is a comma-separated list of IP:port.

Preserve Client IP address in Azure API Management with Application Gateway scenario

1 Answers