Is there an existing issue for this?
How do you use Sentry?
Self-hosted/on-premise
Which SDK are you using?
@sentry/node
SDK Version
9.30.0
Framework Version
No response
Link to Sentry event
No response
Reproduction Example/SDK Setup
No response
Steps to Reproduce
- Deploy application behind multiple reverse proxies (e.g., CDN → Load Balancer → Application)
- Configure proxies to forward client IP via X-Forwarded-For header
- Make requests through the proxy chain
- Observe IP address captured in Sentry user context
Expected Result
Sentry should extract and use the original client IP address from the X-Forwarded-For header.
For example, with header: X-Forwarded-For: [user's real ip], 172.70.82.11
The user context should show the original client IP from the first position in the header.
Actual Result
Sentry captures the direct connection IP instead of parsing the forwarded headers. In this case, it shows 10.244.5.65 (internal proxy IP) in the user context.
The trace data correctly captures the client IP in http.client_ip, but the user context shows the proxy IP.
Trace Data
{
"http.client_ip": "[user's real ip]",
"http.flavor": "1.1",
"http.host": "example.com",
"http.request_content_length_uncompressed": 59,
"http.request_method": "POST",
"http.response.status_code": 200,
"http.route": "/api",
"http.scheme": "http",
"http.status_code": 200,
"http.status_text": "OK",
"http.target": "/api",
"http.url": "http://example.com/api",
"http.user_agent": "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36",
"net.host.ip": "10.244.7.162",
"net.host.name": "example.com",
"net.host.port": 3000,
"net.peer.ip": "10.244.5.65",
"net.peer.port": 35180,
"net.transport": "ip_tcp",
"otel.kind": "SERVER",
"sentry.op": "http.server",
"sentry.origin": "auto.http.otel.http",
"sentry.source": "route",
"url": "http://example.com/api"
}
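An added example, not part of the original report and not Sentry SDK code: one way an application can resolve the client address from the proxy chain described above before attaching it to user context. It goes beyond the first-position case in the report by walking X-Forwarded-For from the right and stopping at the first hop that is not a known proxy, so entries a client prepends to the header are never selected. Assumptions: IPv4 only, the function names and the trusted CIDR list are hypothetical, and 203.0.113.7 and 198.51.100.9 are constructed stand-ins for addresses the report redacts.

```javascript
// Constructed assumption: ranges operated by our own proxies (cluster network + CDN edge).
const TRUSTED_PROXIES = ['10.0.0.0/8', '172.70.82.11/32'];

const IPV4 = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;

// Convert a dotted-quad IPv4 string to an unsigned 32-bit integer.
function ipv4ToInt(ip) {
  return ip.split('.').reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

// True when ip falls inside the CIDR block (e.g. "10.0.0.0/8").
function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// peerIp: socket remote address (net.peer.ip in the trace data).
// xffHeader: raw X-Forwarded-For value, possibly undefined.
function resolveClientIp(peerIp, xffHeader, trustedCidrs = TRUSTED_PROXIES) {
  const isTrusted = (ip) => IPV4.test(ip) && trustedCidrs.some((c) => inCidr(ip, c));

  // A peer that is not one of our proxies cannot vouch for the header.
  if (!isTrusted(peerIp)) return peerIp;

  const hops = (xffHeader || '').split(',').map((s) => s.trim()).filter(Boolean);
  let candidate = peerIp;
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!IPV4.test(hops[i])) break;   // malformed entry: keep the last verified hop
    candidate = hops[i];
    if (!isTrusted(candidate)) break; // first address not written by our own proxies
  }
  return candidate;
}
```
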