So…you’re using MVC3 right? Good. And you’re using the awesome new server debugging/troubleshooting tool Glimpse right? Naturally! And you’re deploying to fantastic AppHarbor platform right? Of course you are! And they all go together like peanut butter and chocolate right? WRONG!
While all 3 of these things are quite awesome, you’ll be quite disappointed when you push your site to AppHarbor and then try to get a Glimpse into what’s happening on the server-side. This is because Glimpse, by default, only allows you to use it from localhost and if you want to use it from any other hosts you have to specify the IPs in the web.config. OK, that’s cool, I’ll just add my public IP and we’ll be in business right? Nope. That’s because the IP restrictions are enforced by this code:
So, what’s wrong with that? Nothing. The problem lies in the architecture of AppHarbor. They use load balancers to send requests to the server your app is running on. That means that Request.UserHostAddress is going to be the IP of the load balancer rather than the actual client.
At this point you have two options:
- Add the IP of the load balancer
- Allow all IPs
Both of these result in any client being allowed to turn on Glimpse on your site. That’s not good. It reveals too much info about your server. The code could be updated to also check the HTTP_X_FORWARDED_FOR header value but that would be pretty easy to fake in a non-loadbalanced environment.








