Modifying the RUM Client IP

Modifying the RUM Client IP

In RUM the client IP used for reporting can be modified if needed by extracting an IP address from a header.  This can be useful in cases such as proxy or load balanced traffic, Citrix traffic, or other use cases where the “actual” IP address of the session is not desirable.

With certain traffic like with firewalls or Citrix the session intercepted by RUM all has the same “Client IP” address matching the firewall device, or Citrix server, that passes the actual HTTP request.  This makes geographically located end user reporting fairly useless.  The table below demonstrates behavior with and without modification:

                      Unmodified                      Modified

KB_modifyingRUMclientID.jpg

 

The same technique can be used for X-Forwarded-For headers and other similar use cases, and is part of how the Citrix agent for RUM works.

Outside of the standard RUM configuration available in the UI, there are several levers into the legacy “Beatbox” code that runs on the RUM probe.  These can be used to modify default behavior as needed.  In this case:

 

On the Real User Monitor Engine, locate the file:

<HPRUM>\conf\configurationmanager\Beatbox_Default_Const_Configuration.xml

MAKE A BACKUP.  If you screw up the syntax you will lose the ability to configure your probe.

 

Add a line at the end of the [Global] section like:

 forwarded_for_header SFDC_CIP .*^([0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3})$ $1

To grab the IP address from header "SFDC_CIP", or like:

 

forwarded_for_header User-Agent .*RUM_CLIENT_ADDRESS=IPV4\*([^;]*);.* $1

To grab the IP injected by the HTTP Agent for Citrix.  Samples should have no line breaks or carriage returns.  The format is:

forwarded_for_header <header name> <regex> <capture>

Save the Beatbox_Default_Const_Configuration.xml, then in the RUM Engine Console at http://rumengine.j9demo.com:8180 got to the Tools tab and synchronize your probe.  If you get an error here it means you have an error in the syntax, so you will need to roll back or find the problem.

 

This process has the effect of changing the default forwarded_for_header value for your RUM probe for all applications by instructing the probe to use the value matched by the regex in the header you have provided.  The fun part if you are creative is to work through the other options.

On the RUM probe is a directory called /etc/rum_probe/webconsole/help that contains documentation of the many other options (see attached).  For the example the global.html file has the parameter we use, and many others that can modify the default RUM behavior for your needs.  Just be careful.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk