Get IP address of function caller

Open johndevs opened this issue 6 years ago • 5 comments

How can I get the IP address of a function caller? Is there any way of getting the original HTTP request?

johndevs avatar Dec 01 '18 16:12 johndevs

Hi! There’s no IP address of a function. The only endpoint you have is the Fn server IP address.

Would you mind elaborating on when you’d like to get the original request?

I suppose you’d like to get the request inside of a function. I assume you use an FDK; in order to get the request you need to use the context (the way it works depends on the FDK and programming language).

denismakogon avatar Dec 01 '18 18:12 denismakogon

Assuming this is for HTTP triggers, does it suffice for the trigger handler to add X-Forwarded-For at the gateway?

zootalures avatar Dec 02 '18 00:12 zootalures

I'm using the Java FDK, but I guess this is a generic issue for all the FDKs to be able to resolve the details of the incoming request.

The use-case I'm trying to implement is to implement an analytics end-point as a FN function where some details of the caller are stored. The IP address is one of those details.

For the caller IP use-case the X-Forwarded-For header is fine, but the optimal implementation from my point of view would be that the (Java) FDK would provide an injected type RequestEvent (or similar) that would contain the details of the original request. For other FDKs a similar thing can probably be done as well.

johndevs avatar Dec 02 '18 08:12 johndevs

Hi! So, in this case I’d recommend adding a requirement to your application - force a caller to tell who he is, i.e. force them to set a header X-Whoami or X-Caller-Id. There are plenty of ways to make it work.

FDKs provide you with whatever is sent by a caller of a function. Meaning if the info is not there - it wasn’t sent by a caller.

denismakogon avatar Dec 02 '18 08:12 denismakogon

@denismakogon Sure, I can manually do it but then I have to trust what the clients are sending to the function. That is not really an option.

What I am after is something I can currently do with AWS API Gateway (https://aws.amazon.com/premiumsupport/knowledge-center/custom-headers-api-gateway-lambda/) allowing access to the original request and mapping it onto JSON.

For example via the API gateway I can do something like this:

```
#if($context.identity.sourceIp == "123.45.55.43")
  {
    "source_ip": "$context.identity.sourceIp"
  }
#else
  $broken
#end
```

This allows me to implement IP filtering, logging, etc.

johndevs avatar Dec 02 '18 18:12 johndevs
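
The trust concern in this thread also applies to X-Forwarded-For: only the entries appended by proxies you operate are reliable, and anything to their left is caller-supplied. The following Go sketch is an added example, not code from the thread or from the Fn project; it assumes the gateway appends the connecting peer address to the header, and `trustedHops` and `CallerIP` are hypothetical names with constructed values.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"strings"
)

// trustedHops: address ranges of proxies we operate (assumed, constructed value).
var trustedHops = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}

func isTrusted(a netip.Addr) bool {
	for _, p := range trustedHops {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// CallerIP returns the right-most X-Forwarded-For hop that is not one of our
// own proxies. Hops to its left were supplied by the caller and are never read.
func CallerIP(xffValues []string) (netip.Addr, error) {
	var hops []string
	for _, v := range xffValues { // the header may appear more than once
		hops = append(hops, strings.Split(v, ",")...)
	}
	for i := len(hops) - 1; i >= 0; i-- {
		a, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			// Fail closed: a hop written by a trusted proxy must parse.
			return netip.Addr{}, fmt.Errorf("malformed X-Forwarded-For hop %q", hops[i])
		}
		if a = a.Unmap(); !isTrusted(a) {
			return a, nil
		}
	}
	return netip.Addr{}, errors.New("no untrusted hop in X-Forwarded-For")
}

func main() {
	// Constructed input: the caller sent "123.45.55.43" itself, the gateway
	// appended the real peer, and an internal proxy appended the gateway.
	ip, err := CallerIP([]string{"123.45.55.43, 198.51.100.7", "10.1.2.3"})
	fmt.Println(ip, err)
}
```

An IP filter like the one in the mapping template above should compare against the value this returns, not against the first entry of the header.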