injecteer injecteer - 3 months ago 31
HTTP Question

Identifying a client behind router/firewall

In my web-app I need to register http clients accessing from a local network behind a router.

I started with

remoteHost : remotePort
combination, but soon enough it became clear, that the port numer gets regenereated upon each connection.

I need to be able to identify the clients on something similar to MAC address, some property that doesn't change. I wanted to use
headers[ "X-Forwarded-For" ]
, but it's not present at all:

[Pragma=no-cache, Cache-Control=no-cache,, Upgrade=websocket, Connection=Upgrade, Sec-WebSocket-Key=scnlM7hzjjy3cklJhJciA==, Sec-WebSocket-Extensions=x-webkit-deflate-frame,deflate-frame, Sec-WebSocket-Version=13]

What are the other options to identify clients?


You could use an API key, that is, a unique identifier that the clients send along with each request to identify themselves. Depending on the authentication method you are using, you could consider the standard HTTP Authorization header to send this value:

Authorization: API-Key <value goes here>

Or create a custom HTTP header this purpose.