tracker issue : CF-4200785

select a category, or use search below
(searches all categories and all time range)
Title:

X-Forwarded-For header does not handle the port properly

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/CannotReproduce

Reporter/Name(from Bugbase): Evagoras Charalambous / Evagoras Charalambous ()

Created: 01/19/2018

Components: Installation/Config, Connector

Versions: 2016

Failure Type: Others

Found In Build/Fixed In Build: ACF 2016.0.04 /

Priority/Frequency: Normal / All users will encounter

Locale/System: ALL / Windows 7 64-bit

Vote Count: 0

Problem Description: If you are trying to reverse proxy an IIS site into a Developer's ColdFusion instance (even one with CommandBox), that fails on the spot, getting the error about the 2 IP limitation. The reason for that is that normally an `X-Forwarded-For` header accepts either a host, or a host together with a port. However, ColdFusion is assuming that it will only ever receive the host.

Steps to Reproduce: Set up an IIS site and reverse proxy it into a local Developer's ColdFusion instance. Then you will see the error about the 2 IP restriction right away, and will not be able to browse the site.
Here's a sample of a reverse proxy rule:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpErrors existingResponse="PassThrough" />
        <rewrite>
            <outboundRules>
                <rule name="ReverseProxyOutboundToCommandBox" preCondition="ResponseIsHtml1">
                    <match filterByTags="A, Form, Img" pattern="^http(s)?://cmdbox.lgateway.local:40000/(.*)" />
                    <action type="Rewrite" value="http{R:1}://iis.lgateway.local/{R:2}" />
                </rule>
                <preConditions>
                    <preCondition name="ResponseIsHtml1">
                        <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
                    </preCondition>
                </preConditions>
            </outboundRules>
            <rules>
                <rule name="ReverseProxyInboundFromCommandBox" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://cmdbox.lgateway.local:40000/{R:1}" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

Expected Result: You would expect that reverse proxying like above would work.

Any Workarounds: Make sure the Application Request Routing Cache IIS module is installed. After installation, you need to open the feature in IIS, then click on Server Proxy Settings... on the right hand side of the IIS panel, and uncheck the option Include TCP port from client IP. Make sure to click on Apply on the right hand side of the panel to save your changes.

Attachments:

Comments:

Hi Evagoras, I have tried configuring reverse proxy with CF 2016 Developer edition from IIS to redirect it to serve a CF page from the CF webroot when a request comes to IIS and it works fine. Is this a specific scenario in which it fails.
Comment by HariKrishna K.
29454 | April 17, 2018 10:45:33 AM GMT
I have run into this issue before when putting CommandBox Adobe CF servers behind IIS. Someone else just contacted me with the same issue. Can this ticket be re-opened? It looks like it was closed as "cannot reproduce" without any discussion on the matter.
Comment by Bradley W.
29453 | August 09, 2018 11:03:45 PM GMT
Hi Evagoras, The comment was marked internal, for some reason. I have made the comment external now.
Comment by HariKrishna K.
29455 | August 10, 2018 04:50:10 AM GMT