I have the following code:
string ip = Request.ServerVariables["REMOTE_ADDR"];
Which, in the test environment does return the user IP addrress, but when we deploy the website to production, this variable has the IP of the server where the application is hosted. Any help?
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
My guess is that there is a proxy in the middle. Use
HTTP_X_FORWARDED_FOR first, and if that’s null, then use
From the MSDN article:
Although retrieving just the REMOTE_ADDR server variable should be enough, I found resources online that suggested that code like this should also check the HTTP_X_FORWARDED_FOR variable; if the request comes through a proxy server that translates the address, it’s this variable that contains the correct address. If you request a server variable that doesn’t exist, the ServerVariables property returns an empty string. Therefore, even though this property doesn’t appear in my tests, attempting to retrieve its value doesn’t cause trouble.
If it’s a load balancer that you have have settings changed on, you should ask to see if they can have the origination IP passed through. I know this can be done with Microsoft’s ISA server.
If that’s not an option, there are these other server variables that you can try and see if they produce a result:
"HTTP_X_COMING_FROM" "HTTP_X_FORWARDED_FOR" "HTTP_X_FORWARDED" "HTTP_X_REAL_IP" "HTTP_VIA" "HTTP_COMING_FROM" "HTTP_FORWARDED_FOR" "HTTP_FORWARDED" "HTTP_FROM" "HTTP_PROXY_CONNECTION" "CLIENT_IP" "FORWARDED"
Why do you use old, VB-style server variables instead of
See MSDN Library.
As the others have stated, you will get the IP address of the reverse proxy/SSL terminator if it doesn’t make the requests look like they come from the original client (As is possible at least in ISA server, and probably in most other reverse proxies).
If not, you will get the public address of the client (which is probably a router address at the client site, as most LANs are NAT-ed).
How does your setup in the production environment differ from your test environment?
Are you actually getting the IP address of the Web server, or of some other server in the same network?
I see this is an old question but I ran across it and I think I know the answer. The answer is simpler than those above… I just ran into the same issue today. I bet you are trying to get the IP from a page being called by XMLHTTP which will return the server IP since it is the one making the request and not the user.