This is a quick trick I came up with to find out the IP address of a client that is trying to access a farm of web servers that you have access to. The diagram below shows the network path for a typical web server.
You have a client that might be sitting behind a (or multiple) proxy server. And there is a load balancer involved because you have multiple web servers for redundancy.
We were recently working on some rewrite rules for our web servers at work and we needed to find out what IP address the web servers were seeing the client traffic come from. Couple of challenges
- Which web server do you check? The load balancer can send you traffic to any server.
- What IP address are you going to look for? Wait that is the original problem right :).
The web servers usually write an entry to the error log when they serve a 404 error. So we can use that to figure out which web server you are hitting and what IP address the web server is seeing you as. Here’s the trick
- On the client side go to http://WEBSITE_ADDRESS/Get_Me_My_IP (or some other URL, which you know doesn’t exist on the web site)
- On the server side, grep for “Get_Me_My_IP” in the web server error logs
Here is an example, I ran on this website (https://kudithipudi.org)
- Client Side : Go to https://kudithipudi.org/what_is_my_ip
- Server Side : grep for “what_is_my_ip”
[email protected]:/var/log/apache2# grep -i what_is_my_ip access_kudithipudi.log
18.104.22.168 – – [04/Mar/2011:16:07:18 +0000] "GET /what_is_my_ip HTTP/1.0" 40 4 5495 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:22.214.171.124) Gecko/2 0110218 Firefox/3.6.14 ( .NET CLR 3.5.30729; .NET4.0E)"
- From this entry I can figure out that my client is appearing as “126.96.36.199” to the web server.