Redirected function causing loss of correct IP address

I make use of the client-ip HTTP header that comes into Netlify functions on the event.headers object.

Recently, I started noticing that instead of getting valid, external ip addresses, I was only getting internal private IPs, like 10.64.0.97.

After a little digging around, I found the problem. When the function is requested using www. (which is my primary domain under “Domain settings”), I get an incorrect internal private IP. But when the function is requested without the www., I get the correct external IP address.

So, it seems like Netlify is redirecting the function HTTP request, and in the process, discarding the true client-ip address.

I made a temporary function that just spits out HTML with the value of event.headers['client-ip']. You can see the different results by hitting these two links:

no www, correct IP
www, incorrect IP

Please note, those addresses are identical EXCEPT for the www. Also, the link that is NOT working correctly is the one corresponding to what I have set as my primary domain in the Netlify admin. So, right now, this means, that to get correct IP addresses, I have to make HTTP requests to my functions at my bare domain, which is not my primary domain, and oddly is not being redirected. Hopefully that makes sense.

Here’s a screenshot of my domain settings:

2021-05-05_14-11-08

The netlify site id is en-evans.

Thanks in advance for any help!

@jaredh159 For what it’s worth, I think the IP address is always different for the www subdomain vs. the apex domain.

|====================== dig A record(s) for =====================
| --------------------- friendslibrary.com ---------------------
| ---------- Netlify's old load balancer: 104.198.14.52 ---------
| ------------ Netlify's new load balancer: 75.2.60.5 -----------
104.198.14.52

| ------------------- www.friendslibrary.com -------------------
54.241.246.27
184.72.37.151
|================================================================

@gregraven – thanks for taking time to reply.

I’m not sure about the dig output you posted. This doesn’t seem to be an issue with DNS resolution, but rather with how requests for Netlify functions are routed/handled with respect to the client-ip header. I can tell you this much – something did change recently (within 2-3 weeks), since I did not have this problem before.

Can you speak at all to the core of the question? It seems as though Netlify is treating HTTP requests to functions at my bare domain as sort of canonical, not redirecting them, and supplying them with the correct external IP address. This is counter-intuitive because I have the www version set as primary and all other HTTP requests to non-www urls are being redirected. But the function requests are not redirected. And, as shown by my two links, I can only get the real IP address if I request my function endpoint at the domain that I don’t have specified as my primary. Which is new behavior as of a few weeks ago.

Again, I appreciate the reply, but it seems like the dig output is not really addressing the issue.

@gregraven – maybe to be more concise, the dig output seems irrelevant because the problem doesn’t have to do with the IP address of my site (shown by dig), but rather with the ip addresses of the visitors who request my Netlify function invocations (the client-ip in event.headers).

Yeah, I was just spit-balling. I don’t have any ideas on what might be causing this or on how to deal with it.

@jaredh159,

Give x-nf-client-connection-ip a go, rather than client-ip, as per this! That should sort you out.

@Scott ok, good deal, I’ll give that a shot, thanks for letting me know about that, and it’s good to know that it’s considered supported long-term by Netlify.

2 Likes