Need to mask the Client IP

Hi there. I deployed my first ever Kong setup today in a 1-click deployment on Google Cloud (running on Debian 11.6). Its sole purpose is to proxy requests coming from my Bubble.io servers in the U.S to a service in Australia that only accepts traffic from other Australian-based hosts.

I’m new to the O/S but it was pretty easy to configure basic services and routes, and the proxy function is working perfectly. I was pretty impressed how easy it was.

The only issue is that I need to pass the proxy server IP address as the originating address, and not the IP address of the host where the API call came from, as the Australian service I’m using rejects it. As my Kong server has an Australian IP address, I wrongly assumed that this would work out of the box.

What do I need to change in order to make this happen? I suspect it’s kong.conf but I’m having trouble figuring out exactly what to change.

Can anyone give a newbie some guidance?

Blair

I’m going to reply to this post since this was the only result that came up as an accurate description of my issue and no response was given.

To accomplish this you need to use the post-function plugin to only pass Kong IP address in the X-Forwarded-For header to the upstream service.

Here’s the configuration for database-less option which is just a yaml file, usually kong.yml:

plugins:
  - name: post-function
    config:
      access:
        - ngx.var.upstream_x_forwarded_for=nil

For the UI configuration the json would be:

{
    "access": [
        "ngx.var.upstream_x_forwarded_for=nil"
    ],
    "functions": [],
    "rewrite": [],
    "log": [],
    "certificate": [],
    "header_filter": [],
    "body_filter": []
}

I hope this helps someone.