Azure Application Gateway and Api Management: Preserve client IP address

Preserve client IP address when using API management and Application Gateway
Banner Image Azure Application Gateway and Api Management: Preserve client IP address
Publié par phnogues le octobre 29, 2024

When using a Front with Azure Api Management, the IP address returned is that of the front, not the client. With the implementation of an Application Gateway, it is the IP (v6) of the app gateway which is transmitted to API Management.

What's the problem? A problem arises if we wish to restrict IP at the API management level.

Solution :
Application Gateway
Propagate the client IP from the APP Gateway to API Management using a redirect.
Add this rule in Rewrites / Rewrite rule:

Pay attention to the naming of the variable "var_client_ip"

Api Management
Modify the ip-filter filter rule with a check-header rule:

<set-header name="X-Forwarded-For" exists-action="override">
		<value>@{
				string xForward = context.Request.Headers.GetValueOrDefault("X-Forwarded-For");
				return xForward.Contains(",") ? xForward.Split(',')[0] : xForward;
				}</value>
</set-header>
<check-header name="x-forwarded-for" failed-check-httpcode="403" failed-check-error-message="Unauthorized" ignore-case="true">
		<value>ipX</value>
		<value>ipY</value>
</check-header>
Azure
Azure

Commentaires :