Web analytics geolocation errors from incorrectly formatted IP addresses

Bryan Johnson asked on July 9, 2020 23:14

Occasionally I see Web Analytics exceptions thrown of type MaxMind.GeoIP2.Exceptions.GeoIP2Exception with a message like this:

The specified IP address was incorrectly formatted: 99.58.57.49, 165.225.216.217

The problem seems to originate from traffic showing two IP addresses separated by a comma. Why might I be seeing traffic like this, and is there anything I can do to handle this case?
This is happening on a Kentico 12 EMS system. Thanks!

Correct Answer

Dmitry Bastron answered on July 10, 2020 11:25

Hi Bryan,

It could have been caused by CDN, reverse proxy or just clients using weird proxy setting wrong headers. This is an example of the module we are using when the website is behind the proxy to extract real IP from X-Forwarded-For header:

[assembly: RegisterModule(typeof(UserIpFromHeaderModule))]
namespace Custom.Modules
{
    public class UserIpFromHeaderModule : Module
    {
        public UserIpFromHeaderModule() : base("Custom.Modules.IpFromHeader")
        {
        }

        protected override void OnInit()
        {
            base.OnInit();        
            RequestEvents.Begin.Execute += this.GetRealClientIpAddress;
        }

        void GetRealClientIpAddress(object sender, EventArgs e)
        {
            if ((HttpContext.Current != null) && (HttpContext.Current.Request != null))
            {
                var headers = HttpContext.Current.Request.Headers;

                // Look for the special header variable that the firewall or load balancer passes
                var realIp = headers.Get("X-Forwarded-For");

                if (!string.IsNullOrWhiteSpace(realIp) && !string.Equals(realIp, "::1", StringComparison.OrdinalIgnoreCase))
                {
                    // If there are multiple addresses in header
                    if (realIp.Contains(","))
                        realIp = realIp.Split(',')[0].Trim();

                    // Remove port if presented  
                    if (realIp.Contains(":"))
                        realIp = realIp.Split(':')[0].Trim();

                    RequestContext.UserHostAddress = realIp;
                }
            }
        }
    }
}

Perhaps in addition to this logic you can check RequestContext.UserHostAddress and trim starting from "," symbol so that the header contains a single IP address.

0 votesVote for this answer Unmark Correct answer

Recent Answers

David te Kloese answered on July 10, 2020 10:15

Hi, never seen this but could it be a wrongly formatted IPV6? Perhaps worth trying to reproduce from an IPV6 access point.

Do you see this behavior in a custom section or in the Analytics reporting itself?

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.