VMware Horizon Community
MrBeatnik
Hot Shot
Hot Shot
‎05-25-2020 04:29 AM

Client IP Address mismatch with Forwarded IP address

Hi All,

We forward the client IP address from our load balancer using x-forwarded-for, and this works correctly (searching SQL EVENT_DATA table shows the correct ForwardedClientIPAdress). However, using the Horizon Admin interface (or even searching the session variables or PCoIP event logs on the device), show the users local lan address.

For example:

  • EVENT_DATA Table ForwardedIPAddress: 88.124.66.87  (note this is a made up IP for this example)
  • Admin/Registry Client IP: 192.168.0.5

Clearly the table entry shows the users router/modem internet IP address, which is what we want to see.

The Admin/Registry IP shows the users address for their internal network, a private IP range - which is fairly useless in most external examples.

I do understand that the 192 address is in fact the address of the computer on their network, and so the Horizon Client is forwarding the correct details as it sees that... but is there a way to get the forwarded IP address into the admin console or logs, without having to get into the database with SQL queries?

Thanks

2 Replies
Shreyskar
VMware Employee
VMware Employee
‎05-25-2020 07:59 AM

Hi MrBeatnik

View doesn't log the X-Forwarded-For header .

There is no mention of logging the X-Forwarded-For header under horizon view documentation.

0 Kudos
MrBeatnik
Hot Shot
Hot Shot
‎05-25-2020 08:34 AM

Do you mean, it's not captured in any usable format for the Administration interface?

It can be seen with the SQL, and is logged correctly - We can obviously get the ForwardedClientIpAddress by using SQL or SIEM (as we do log correctly), but I think it would be handy in the View Administration interface, but definitely no way possible?

Can we look at this a different way then?

  • ViewClient_IP_Address shows the users local area IP, which can be useless such as: 192.168.0.2
  • The ViewClient_Broker_Remote_IP_Address shows the connection address, but this is the LOAD BALANCER IP.

Is there a way to replace ViewClient_Broker_Remote_IP_Address with the ForwardedClientIpAddress?

At the very least if the desktop can obtain the ForwardedClientIpAddress somehow, I could potentially script the variable, but I assume you are saying there is no record of it anywhere in the desktop?