3

I am trying to get the user's private IP and public IP in an AWS environment. Based on this answer (https://stackoverflow.com/a/46021715/4283738) there should be an X-Forwarded-For header with comma-separated IPs, and also from the forum (https://forums.aws.amazon.com/thread.jspa?threadID=200198).

But when I deployed my API via API Gateway + Lambda + Node.js v8 and printed out the JSON for the event and context variables (the Node.js handler function arguments) for debugging (https://y0gh8upq9d.execute-api.ap-south-1.amazonaws.com/prod), I am not getting the private IPs.

The lambda function is

const AWS = require('aws-sdk');

// Debug handler: echo the incoming event and context back to the caller as JSON.
exports.handler = function(event, context, callback){
    callback(null, {
        "statusCode": 200,
        "body": JSON.stringify({event,context})
    });
};

API Gateway Details

GET - Integration Request

Integration type -- Lambda Function

Use Lambda Proxy integration -- True

Function API : https://y0gh8upq9d.execute-api.ap-south-1.amazonaws.com/prod

joyBlanks

3 Answers

2

Case-1: You cannot get the private IP of the user, for security reasons. (If configured by the user, this is done by NAT or PAT (Network Address Translation or Port Address Translation) behind the scenes. NAT will add this IP to its table and send the request ahead with the public id, or you can say router-id.)

Case-2: If by private IP you mean the case where multiple users are using the same public network (WiFi etc.), then again you can define two IPs: one is public, which is common for all, but inside their public network they have another IP which is unique inside that public network.

For example: Let's say there is a WiFi network with public IP (1.1.1.1). It has two users, A and B. Notably, as they are sharing the same WiFi, the router will have only one IP (public and common for all), but inside this router A and B will have different IPs, such as 192.1.1.1 and 192.1.1.2, which can be called private.

In both cases, you will get only the public IP (at position 0 in the X-Forwarded-For header).

You can get the X-Forwarded-For header inside event.headers.multiValueHeaders.

If you can access both then what is the benefit of having private and public ip?

To access an AWS VPC private subnet as well, you have to use NAT, and the client will never know the actual IP, for security reasons. I request you to re-review your requirements once again.

Shivang Agarwal
0

Don't know what makes you stuck in here, correct me if I'm wrong. From Wiki:

The X-Forwarded-For (XFF) HTTP header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.

I set X-Forwarded-For in header & test with Postman: https://i.stack.imgur.com/lhSWS.jpg

Nghia Dau
  • This you are setting manually. I need the client IP, mostly like 192.168.0.100, not your localhost IP or any other set manually. I want to track the computer's LAN IP, based on this article https://forums.aws.amazon.com/thread.jspa?threadID=200198 – joyBlanks Dec 10 '18 at 10:29
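
The Postman test in the answer above shows that a caller can put any value into X-Forwarded-For. As an added example (not code from any of the posts), this handler reports the address API Gateway itself recorded next to the header chain and marks caller-supplied hops as unverified. It assumes a REST API Lambda proxy event carrying `requestContext.identity.sourceIp`; the helper names and sample addresses are constructed.

```javascript
// Added example. Helper names are hypothetical; the sample event is constructed.
// All values of one header from a Lambda proxy event, matched case-insensitively.
function headerValues(event, name) {
  const wanted = name.toLowerCase();
  const pick = (obj) => Object.entries(obj || {})
    .filter(([key, value]) => key.toLowerCase() === wanted && value)
    .flatMap(([, value]) => value);
  const multi = pick(event.multiValueHeaders);
  return multi.length > 0 ? multi : pick(event.headers);
}

// X-Forwarded-For split into individual hops, left to right.
function forwardedChain(event) {
  return headerValues(event, 'X-Forwarded-For')
    .flatMap((v) => v.split(','))
    .map((hop) => hop.trim())
    .filter(Boolean);
}

function clientIpInfo(event) {
  const identity = (event.requestContext && event.requestContext.identity) || {};
  // sourceIp is filled in by API Gateway from the connection, not from a header.
  const sourceIp = identity.sourceIp || null;
  const chain = forwardedChain(event);
  const at = sourceIp ? chain.lastIndexOf(sourceIp) : -1;
  // Hops left of the address API Gateway saw came from the caller or its
  // proxies and are unverified; with no match the whole chain is unverified.
  const unverified = at >= 0 ? chain.slice(0, at) : chain;
  return { sourceIp, forwardedFor: chain, unverified };
}

async function handler(event) {
  return { statusCode: 200, body: JSON.stringify(clientIpInfo(event)) };
}
if (typeof module !== 'undefined') module.exports = { handler };

// Constructed event: the caller sent "X-Forwarded-For: 192.168.0.100" itself.
const sampleEvent = {
  headers: { 'X-Forwarded-For': '192.168.0.100, 203.0.113.7, 198.51.100.20' },
  multiValueHeaders: { 'X-Forwarded-For': ['192.168.0.100, 203.0.113.7, 198.51.100.20'] },
  requestContext: { identity: { sourceIp: '203.0.113.7' } },
};
console.log(clientIpInfo(sampleEvent));
```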
0

The "X-Forwarded-For" header shows the public ip of the user.

That's all you get.

Internal IPs are not visible.

Only the "public ip" which is indicated in the header.

DominikHelps