@@ -18,12 +18,27 @@ public override void OnActionExecuting(HttpActionContext actionContext)
1818 bool authenticated = false ;
1919 string message = "Access denied." ;
2020
21+ string forwardingAddress = null ;
2122 string clientIpAddress = null ;
2223
2324 try
2425 {
26+ // There is a strong possibility that this is not the ip address of the machine
27+ // that sent the request. Being behind a load balancer with transparancy switched
28+ // off or being served through CloudFlare will both affect this value.
2529 clientIpAddress = HttpContext . Current . Request . UserHostAddress ;
2630
31+ // We need to get the X-Forwarded-For header from the request, if this is set we
32+ // should use it instead of the ip address from the request.
33+ string forwardedFor = HttpContext . Current . Request . Headers . Get ( "X-Forwarded-For" ) ;
34+
35+ // Forwarded for set?
36+ if ( forwardedFor != null )
37+ {
38+ forwardingAddress = clientIpAddress ;
39+ clientIpAddress = forwardedFor ;
40+ }
41+
2742 // Got the ip address?
2843 if ( ! string . IsNullOrEmpty ( clientIpAddress ) )
2944 {
@@ -49,6 +64,12 @@ public override void OnActionExecuting(HttpActionContext actionContext)
4964
5065 string log = string . Format ( "(IP: {0}) {1}" , clientIpAddress , message ) ;
5166
67+ // Was it forwarded?
68+ if ( forwardingAddress != null )
69+ {
70+ log = string . Format ( "(IP: {0} | Forwarded by: {1}) {2}" , clientIpAddress , forwardingAddress , message ) ;
71+ }
72+
5273 elc . AddLog ( "PolyDeploy" , log , EventLogController . EventLogType . HOST_ALERT ) ;
5374
5475 actionContext . Response = actionContext . Request . CreateErrorResponse ( HttpStatusCode . Forbidden , message ) ;
0 commit comments