Hi there,

I'm not an ASP nor an IIS beginner, so don't tell me to simply use Request.ServerVariables("REMOTE_ADDR"). It works, but it does not work as fine as I need.

Here is my challenge : I am building a web application which needs to be secured (in part) by allowing only some IP addresses to use it. I used Request.ServerVariables("REMOTE_ADDR") for up to three years to retrieve the browsers IP address for many web applications, but one friday morning, I noticed that sometimes the IP address was the IP address of an Internet cache server, not the IP address of the true client.

I'm not a newbie in networking, so don't remind me that when a client is behind a proxy, a firewall, a gateway or a router we can't easily get is IP address and that its true IP address will be unroutable, I already know it and understand it. The clients IP addresses which I wish to verify are public IP addresses and they are routables. The computers which I want to identify are not behind any proxy, firewall, gateway or router, they are simply in a university which use an Internet cache server to visits the web sites for the clients and reduce a little its Internet traffic.

You can easily understand that, if for almost all the computers of an entire university, Request.ServerVariables("REMOTE_ADDR") simply return the IP address of this university's Internet cache server, I can not know if the computer which is trying to access the protected page is one of the allowed one or not. As you can guess, some computers of this university must have the access to the pages and some others should not.

I can not use a software nor an hardware firewall with the server which hosts my web application. This server hosts many other web sites and, most of all, some pages of my web application need to be view from anywhere on the Internet. Only some pages needs restricted access.

I think that it is possible to get the information I want, because I browsed the web with some these computers and some site detected the Internet cache server IP address and some others detected the true IP address. For exemple http://www.lawrencegoetz.com/programs/ipinfo/ tell me the true IP address of my computer but my web site tell me the Internet cache server IP address.

I think that it is possible that the solution may be in the server's configuration or in the Response.CacheControl property or in an other other property like this one. Any clue will be appreciate.

Thanks

I visit your site, but it does not display my ip address.
I think it is networking question.
Network specialist can give right answer (reason)

I hit your page, and I got the IP of my office's gateway router. Looked ok to me.

Like you said, this problem obviously has to do with caching. I haven't used the CacheControl property of Response much, the way I usually resolve this sort of thing is by for page expiration.

Perhaps this will work:
Response.Expires = Now - 1

I built a site once with all pages set like this and even when I hit the [Back] button the page was re-requested from the server so I know that this worked. But I never tested it with a scenario such as yours.

Peter
----------------------------------------
Work smarter, not harder.

hi there,
just wanna point out that the following doesn't work due to different time zones around the globe:
Instead, use the following to work around the time zone differences, so that the page will always expire no matter where you load it from on this planet:
Sincerely,
Pierre du Toit.

Good point. I thought that Now - 1 brought Now back 1 day, but I suppose in some places that still wouldn't be enough.

Alternatively you could give it an explicit expiration:
Response.ExpiresAbsolute = #1/1/2000"

Peter
----------------------------------------
Work smarter, not harder.

Thanks guys!

I'm unable to continue my work on this application, I lost, a child and my wife, so I'm out of work for a while.:( I will not be able to test your solutions but Response.ExpiresAbsolute = #1/1/2000 sounds great.

YES planoie, Work smarter, not harder... that's a great quote! :)