Documentation on x-client-ip http header

Question

Documentation on x-client-ip http header

Raghu Warrier 1

I am looking for some documentation around how the x-client-ip http header is created while calling an App Service. Can this header be spoofed for a different IP?

Grmacjon-MSFT 19,151 Reputation points Moderator

2022-04-25T06:46:31.097+00:00

Hi @Raghu Warrier ,

Thanks for the question. I also couldn't find any external documentation on x-client-ip http header. I will check internally with the azure webapps team and get back to you shortly.

Best,
Grace
Fabien Snauwaert 0 Reputation points

2023-10-20T09:19:32.1433333+00:00
Any docs available now?

The headers are a bit unusual. On Azure Web Apps there are:

Client-Ip: 203.0.113.157:63546

X-Client-Ip: 203.0.113.157

X-Forwarded-For: 203.0.113.157:63546

It's unusual (to me) in that X-Forwarded-For contains the port number.

1 answer

Your answer

Grmacjon-MSFT 19,151 Reputation points Moderator

2022-04-25T06:46:31.097+00:00

Hi @Raghu Warrier ,

Thanks for the question. I also couldn't find any external documentation on x-client-ip http header. I will check internally with the azure webapps team and get back to you shortly.

Best,
Grace
Fabien Snauwaert 0 Reputation points

2023-10-20T09:19:32.1433333+00:00

Any docs available now?

The headers are a bit unusual. On Azure Web Apps there are:

Client-Ip: 203.0.113.157:63546

X-Client-Ip: 203.0.113.157

X-Forwarded-For: 203.0.113.157:63546

It's unusual (to me) in that X-Forwarded-For contains the port number.

Answer 1

JeffM-MSFT 6 Microsoft Employee

Hey @Raghu Warrier ,

The client-ip header is added on the Front End role as part of routing. App Service will overwrite any existing header so they cannot be spoofed for a different IP address.

For more info: https://github.com/Azure/app-service-linux-docs/blob/master/Things_You_Should_Know/headers.md

thanks,
Jeff

Share via

Documentation on x-client-ip http header

1 answer

Your answer