Description
In DxC it is common to restrict a site so that only certain IP addresses can access it. These rewrite rules can be hard to troubleshoot in DxC because it is difficult to test from a particular IP. Below is a way to spoof an IP so that the restrictions can be tested against it. It is generally easier to try this locally before attempting to spoof in DxC.
Steps
- Follow the DxC documentation for blocking IPs.
- Add the bolded section to the rule.
<rewrite>
  <rules>
    <!-- Test-only rule: overwrites the header on every request.
         On a local IIS the variable must also be listed in
         allowedServerVariables, or URL Rewrite rejects the rule. -->
    <rule name="Spoof incoming IP address"
          patternSyntax="Wildcard" stopProcessing="false">
      <match url="*" />
      <action type="None" />
      <serverVariables>
        <!-- The IP you want to spoof here -->
        <set name="HTTP_True_Client_IP" value="192.168.1.5" />
      </serverVariables>
    </rule>
    <rule name="Block unauthorized traffic" stopProcessing="true">
      <match url=".*" />
      <conditions>
        <!-- IPs you want to allow here. The pattern is a regular expression:
             anchor it and escape the dots so only this exact address matches. -->
        <add input="{HTTP_True_Client_IP}" pattern="^192\.168\.1\.5$" negate="true" />
      </conditions>
      <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Site is blocked due to IP restrictions" />
    </rule>
  </rules>
</rewrite>
- Test to see if the IP succeeds or fails. In the above case no error should occur.
This could also be tried with X_Forwarded_For or REMOTE_ADDR. You can replace HTTP_True_Client_IP with HTTP_REMOTE_ADDR or HTTP_X_Forwarded_For.
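The allow-list condition is evaluated as a regular expression, so the way the pattern is written decides which addresses get through. The following is an added example, not part of the original article or of DxC: a simplified model of the "Block unauthorized traffic" rule that assumes URL Rewrite's default ECMAScript syntax, unanchored case-insensitive matching and MatchAll grouping. The function names and sample addresses are constructed for illustration.

```javascript
// Simplified model of one URL Rewrite rule whose action is a 403 response.
// Assumption: every condition must be true (MatchAll) for the action to fire.
function evaluateBlockRule(conditions, serverVariables) {
  const allTrue = conditions.every(({ input, pattern, negate }) => {
    const value = serverVariables[input] ?? ""; // missing header -> empty string
    const matched = new RegExp(pattern, "i").test(value); // unanchored search
    return negate ? !matched : matched;
  });
  return allTrue ? 403 : 200;
}

// Returns the candidate addresses that the rule lets through (status 200).
function allowedAddresses(conditions, variable, candidates) {
  return candidates.filter(
    (ip) => evaluateBlockRule(conditions, { [variable]: ip }) === 200
  );
}

const VARIABLE = "HTTP_True_Client_IP";

// Pattern written as a bare address: dots match any character, no anchors.
const unanchoredRule = [
  { input: VARIABLE, pattern: "192.168.1.5", negate: true },
];

// Same address with escaped dots and start/end anchors.
const anchoredRule = [
  { input: VARIABLE, pattern: "^192\\.168\\.1\\.5$", negate: true },
];

// Constructed sample header values.
const SAMPLES = [
  "192.168.1.5",   // the address that is meant to be allowed
  "192.168.1.50",  // passes a pattern with no end anchor
  "192.168.1.51",
  "192.168.145.7", // passes because an unescaped "." matches "4"
  "203.0.113.9",   // unrelated address
];

console.log("unanchored:", allowedAddresses(unanchoredRule, VARIABLE, SAMPLES));
console.log("anchored:  ", allowedAddresses(anchoredRule, VARIABLE, SAMPLES));
console.log("no header: ", evaluateBlockRule(anchoredRule, {}));
```

Running the same sample list through each pattern before deploying a rule shows whether the allow list is wider than intended.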