cancel
Showing results for 
Search instead for 
Did you mean: 

HowTo: Spoof Source IP Addresses with IP Transparency

This quick 'howto' explains how to use Stingray's  IP Transparency Module to spoof the source IP address of a TCP connection.  This can be useful when processing traffic from an upstream proxy that does not preserve the source IP address - you can inspect the X-Forwarded-For header and use Stingray to spoof the traffic on behalf of the remote client.

 

Overview

 

Many network devices operate as proxies, reading client requests and then forwarding then on to a downstream server. Some of these proxies do not preserve the client IP address in the downstream connection to the server. From the server's perspective, the connection appears to originate from the proxy rather than the remote client. This can be a problem when the server is performing access control based on the source address, or when the server wishes to maintain an audit log of all traffic.

 

Most of these proxies append the upstream address onto the end of an X-Forwarded-For header. If a trusted upstream reverse proxy manipulates the header, then Stingray can read the header and determine the true source address of the connection.

 

Solution

 

In this case, Stingray can then spoof the source IP address of the connection when it forwards the request on to the downstream server. This capability depends on Stingray's IP Transparency feature:

 

Note that access control based on the value of an HTTP header is extremely weak and easy to bypass. The above example assumes that all incoming traffic comes through a trusted upstream proxy that modifies the X-Forwarded-For header.

 

1
2
3
4
5
6
7
$forwardedfor = http.getHeader( "X-Forwarded-For" );
# We trust the upstream proxy, so use the source IP address that it appended
# onto the end of the X-Forwarded-For header
if( string.regexmatch( $forwardedfor, "([0-9]+.[0-9]+.[0-9]+\\.[0-9]+)$"  )) {
   $ip = $1
   request.setRemoteIP( $ip );
}

 

Read more

 

Version history
Revision #:
1 of 1
Last update:
‎02-24-2013 07:01:AM
Updated by:
 
Labels (1)