Amazon cloudfront IP resolution by client - javascript

I have a webapp that uses a lot of images which are cached through CloudFront. Some users complain that the load time is excruciatingly slow, So I want to build a diagnostic page on the site that will do a speed test by loading a few images and reporting the time. I also want to report the users IP address (which I can easily get from php when they load the page), but I also want to show the IP address that they are getting for the cloudfront server.
I know that if I run:
dig subdomain.cloudfront.net
I get several IP addresses. If an app (browser, QT app, mobile app) is running simultaneous connections to subdomain.cloudfront.net, does it always use the first IP first and use the others only if it fails?
And is there any way from within the browser that I can get these IP addresses as they are from the client users system? It's my understanding that they will get a different list of IPs based on their IP address.
If this is not possible from within the browser, is there any type of request that I could send to the cloudfront server that would include it's IP address in the response?

does it always use the first IP first
Most modern DNS resolvers and authoritative servers will randomise the order of the IP addresses -- more precisely, the set of A records for a given domain name.
So, "first IP" really isn't deterministic at all.
and use the others only if it fails?
Obviously this is very browser-dependent. Most modern browsers do handle it by retrying the other IPs. I wouldn't count on it though.
is there any way from within the browser that I can get these IP addresses as they are from the client users system?
From Chrome devtools network panel, you can see the address that the browser connected to in the "Remote Address" field of a request. However, I'm not aware of any way to access that from Javascript on a page.
It's my understanding that they will get a different list of IPs based on their IP address.
Yes.
is there any type of request that I could send to the cloudfront server that would include it's IP address in the response?
Not that I know of. However, you might be able to reverse engineer the Via or X-Amz-Cf-Id response header? At a cursory glance, both are unintelligible to me after hex or base64 decoding.
That said, there is a trick that you might be able to use, i.e. that you could setup a URL prefix in your distribution that forwards the requests to your server running PHP. You then point your users to a URL that would result in a request that gets forwarded to your PHP script. In your PHP script, examine the X-Forwarded-For header, which should include a Cloudfront IP.

Related

Webpage Connection

I am trying to connect my subdomain (https://www.subdomain.webpage.com) to an external javascript page (x.x.x.x/DIBS_X_X/pages.jsp) through DNS records, is this viable? The third party gave me the IP address seen through the javascript page but it doesn’t connect because the IP address can’t be reached without the (/DIBS_X_X/pages.jsp). Would a CNAME record be enough to connect to point to this page? How would someone usually go about to connect to an external javascript page?
Thanks
You have to understand what's happening here to understand why what you're trying to do won't work.
Hostnames, like www.subdomain.webpage.com resolve to network address. When you try to go to https://example.com/some-page, first example.com is looked up at the configured DNS server, which might resolve that hostname to 192.0.2.1.
Next, a network connection is made between the computer running the browser and the server at 192.0.2.1. As this is HTTPS, a TLS session is started over this connection, to encrypt traffic between the browser and the server.
Now, the browser asks the server for the page:
GET /some-page
Note that this has nothing to do with the hostname. (Yes, it's true that there is usually a Host: header here, to allow the server to use multiple hostnames on one server, but that isn't relevant. By now, we're already connected to a specific server.)
At the DNS layer of all this, you can only point your hostname at some IP address. That's it.

XMLHttp​Request get ip of url

For example i send a request to https://www.w3schools.com/ which is showed Remote Address: 192.229.179.87:443 on Inspect tools, can i get that ip in js?
An IP address or Internet Protocol is used in hand with TCP(Transmission control protocol) to identify and share information between computers on the internet. Because it would be a very hard job for humans to keep IP's of various servers in the head, all IP addresses are saved on a DNS server together with their domain names. Hence, whenever you make a request to a site in your web browser, the web browser first visits a DNS server to fetch the IP address corresponding to your domain before making a direct request to the server. Hence there is no Javascript code or command to generate IP addresses from domain names. Hence to accomplish this, you'll have to use an API which will do all the hard work for you.
Check this question for some API's : API's for getting IP

JSON - what http headers are sent from browser to external server json file

Let's imagine the following situation.
I have a website mysearchengine.com and then I use search suggestions from external sites, for example eniro.no:
http://map01.eniro.no/search/search.json?q=de&index=yp_sug&profile=pl&pageSize=10&callback=C
Does eniro.no can see that their JSON is requested from website mysearchengine.com?
My issue is that I want to use some JSON resources of another (not my) server and I wonder if it is seen for them that I'm doing that?
The above is only an example, easiest I found to show my question about how JSON works.
Yes, in one of two main ways:
HTTP Referrer Header:
http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z14
Direct IP address logging: If they log your IP address, they could potentially do a reverse lookup to find your web address. Alternatively, if you are under a shared IP, they may just block your IP address if you are abusing their web resources.
Note: You can choose whether to pass the referrer header or not. It is up to your server. However, there is no way to mask what computer/server requests the remote resource (yes, using a proxy they will be able to tell that the proxy's IP requested the resource, but that is beside the point).
Are you looking to have a user click a button on your site, and your site will make a GET request, in javascript, to another site, and then put content on your site? That's called Cross Origin Resource Sharing (CORS).
If you're controlling the javascript, you can insert additional headers into the request, and since it's the user's browser that's making the request, the site will only see that user's information, not your site's.
Besides that, the answer by Andrew M. is correct, based on the browser, there will probably be a referred header sent, and I am not sure you can get rid of it through JS.

How to get local IP from Firefox extension code

I'm writing a Firefox extension that uses nsIServerSocket to listen for socket connections. I'm looking for a way for the extension code to programmatically learn the local network address of the machine running the Firefox extension. This information gets communicated to a client on the local network out-of-band such that it can open a socket connection to the extension.
My research into this has so far only turned up individuals wishing to find the ip address of loaded websites by way of DNS resolution or using Java applets) which won't be appropriate for a FF extension. The Mozilla Developer pages on the Geolocation API mentions:
"data is exchanged including WiFi Access Point data, an access token (similar to a 2 week cookie), and the user's IP address"
but does not indicate an API to access the user's IP address directly.
My only idea at this point is to invoke a local process using nsIProcess and parse the IP from there. This seems awfully hackish and would have to be handled on a per-OS basis. I.e. do I run ifconfig, netcfg, ipconfig? With what args?
Is anyone aware of a better solution?
You use nsIDNSService interface here as well - it has a myHostName property that can be resolved:
var dns = Components.classes["#mozilla.org/network/dns-service;1"]
.getService(Components.interfaces.nsIDNSService);
var myName = dns.myHostName;
var record = dns.resolve(myName, 0);
while (record.hasMore())
alert(record.getNextAddrAsString());
You should expect it to produce multiple addresses and not all of them will be valid - even for the local network you will get at least two addresses (IPv6 and IPv4), in addition to that you might get a Teredo address, addresses from virtual adapters installed by VMWare & Co. and more.
I'd bet that the IP address mentioned in the Geolocation API is not the local computer's IP address. I mean, where in the world is 192.168.0.100, hmm? It's just not a useful piece of information, in general.
Since you're dealing with a local network, could you set up a small web page that just prints out the client's address? Then you could learn your IP by requesting that web page.

javascript get my local LAN ip address

I have quite happily set up pac files using myIpAddress() as a function to resolve the local IP on my LAN to load balance my proxies.
I now need to use this function, or anything that works simply, to return the local ip so that I can change the content of my media server to deliver hq video to high bandwidth pcs while delivering lower quality to the area offices which are on a different subnet.
Searching has proved futile.
The outcome is to have something that allows a web page to display http://mediaserver/x to one ip range and http://mediaserver/y to another.
I really don't care what WAN address they have, it's an intranet.
My pac file works just fine.
What do I need to do to get the same functionality in a web script that will work on win32, OSX and sun machines?
There is no way that a machine locally can determine its own IP address as seen by another server. For example my Linux Laptop has 3 different valid IP addresses, and that is not including any NAT addresses which may be transiently assigned for external traffic. Getting Javascript to locally work out which one is "correct" is a futile task.
What you need is a redirect server (for example http://mediaserver/entrypoint-for-redirect) , which determine which IP address a request is coming from and then base on that redirect (HTTP-302) to the desired resource -- that being either http://mediaserver/x or y.
EDIT
As you are using apache, you may also be able to implement the same without a redirect using the mod-rewrite module -- I.e. install mod-rewrite on the server and create a rule which switches the traffic without a redirect to the right resource on the server.

Categories