This topic describes how to obtain the real IP addresses of clients that attempt to access an application after it is integrated into GameShield.
Background information
GameShield adopts the FullNat proxy mode. After receiving a request from a client, GameShield replaces the IP address of the client with the IP address of GameShield. This topic provides a solution for obtaining the real IP address of a client.
Implementation
GameShield uses the options field of a Transmission Control Protocol (TCP) packet
to store and transfer the IP address of a client. In most cases, this method is called
TCP Options Address (TOA). The TOA method is provided by GameShield. You can only
obtain the IP address of a client after integrating a TOA module to an origin server.
You can integrate a TOA module by using application hooks. No code change is required.
Deployment of origin servers
Scenario | Supported architecture | Unsupported architecture |
---|---|---|
Obtain the real IP address of a client when the client transfers data over TCP |
|
Data flows from GameShield and distributed at Layer 4 by using third-party load balancing services. Data is then forwarded to third-party origin servers. |
Obtain the real IP address of a client when the client transfers data over HTTP or HTTPs |
|
|
Note Based on Layer 4 data forwarding, GameShield does not manage HTTPS certificates. GameShield
cannot retrieve data details that are contained in a HTTPS data stream. When a client
accesses GameShield over HTTP or HTTPS, GameShield retrieves the real IP address of
the client by using a TOA module that is installed on an origin server. You cannot
obtain the real IP address of a client from the X-Forwarded-For (XFF) header field
of an HTTP or HTTPS request.