Azure API管理-当APM落后于WAF时如何获取原始IP [英] Azure API Management - How to get original IP when APM is behind WAF
问题描述
我们有以下技术堆栈
- Imperva WAF
- API管理
- WebApp中的WebApi
这是当前的实现方式
- 客户端IP在WAF级别进行了身份验证
- WAF IP已在APIM上列入白名单
- APIM IP已在WebApp级别列入白名单
一切正常,并按预期进行.
Everything is working fine and as expected.
现在,当我去APIM->分析->请求时,我看到WAF IP列在这里,而不是客户端IP.因此,在这种情况下,我们将无法跟踪谁在使用什么
Now when i went to APIM -> Analytics -> Request, i see WAF IPs are listed here and not the client ones. So in this case we will not be able to track who is using what
我知道我们可以选择通过订阅密钥进行跟踪,但这还不够.
I know we have option to track thru subscription key, but that is not enough.
有人可以建议如何配置以获得正确的IP吗?
Can anybody please suggest how to configure to get correct IPs?
推荐答案
向Microsoft提出支持请求后,我们得到了想要的东西
After raising support request to Microsoft, we got what we want
这就是我们的成就
- Imperva WAF调用APIM端点时,还会在标头中传递Incap-Client-IP
- 在APIM中-> API->所有API->设置->在App Insights的请求日志中输入要添加的标头属性
- 在请求日志下->自定义维度->您可以看到InCap-Client-IP属性已添加到App Insights中
- When Imperva WAF calls APIM endpoint, it also passes Incap-Client-IP in header
- Within APIM -> APIs -> All APIs -> Settings -> Enter header property you want to add in request log of App Insights
- Under request log -> custom dimension -> you can see InCap-Client-IP property is added in App Insights
现在我们可以将其导出为csv格式,并可以根据客户端IP跟踪使用情况.
Now we can export this in csv format and can track usage based on client IP.
这篇关于Azure API管理-当APM落后于WAF时如何获取原始IP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
