Understand why App Insight cannot resolve internal API Management’s request client IP Geo Location
To fully utilize this blog, we should have a basic understanding of
We have all the resources drew in the above diagram.
APIM’s App Insight cannot resolve correct Client IP Geo location.
As we can see in the screenshot, the client IP column here is App Gateway’s private IP instead of end users’ actual client public IP. App Insight cannot use this private IP to resolve a correct Geo Location, hence the columns are empty.
App Insight logs down the information sent by the data source. Different data sources treat client IP field in different approaches.
Resources like Function App for example, extracts the end users’ IP addresses from the ‘X-Forwarded-For’ request header.
If we test the request and check the APIM trace, we will see when APIM forwards the request to Function App, there are two IP addresses in the ‘X-Forwarded-For’ header, and the first one is the actual end user’s public IP.
Function App will extract this IP and send this to App Insight.
To prove that, if we check Function App’s App Insight, we can see the Geo Location columns are correctly displayed.
However, on APIM side, we find that APIM is not using this approach to handle client IP field. APIM will send incoming resource’s IP as client IP to App Insight. This is a known issue and we have confirmed with the corresponding product team.
If App Insight is showing Client IP as 0.0.0.0:
The default behavior for App Insight is to mask the IP field and display it as 0.0.0.0.
We need to follow this documentation and set the ‘DisableIpMasking’ property to true.
Hope this blog helps you understand why we are not able to view client IP geo locations from App Insight. This is a known issue, and the APIM product team already has a work item to discuss the possibility to modify this. For now, we can use the above workarounds I mentioned above.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.