Application Insights and .Net Core - 0.0.0.0 IP

Question

All my requests logged on application insights have the 0.0.0.0 IP. Why?

Details:
- Running a app on azure app service
- Using .Net Core 2
- Other info seems ok, like, some requests from around the globe and etc

Answer 1

There is property on Microsoft.Insights DisableIpMasking link to official documentation.

resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
  name: applicationInsightsName
  location: location
  properties: {
    DisableIpMasking: true
  }
}

Answer 2

Matthias' answer is great and helped me quite a bit. If you're doing this from within Azure CLI via PowerShell, keep in mind that the formatting requirements are slightly different and the content-type header is required. See below:

az rest --method patch --url "https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/microsoft.insights/components/{application-insights-resource-name}?api-version=2018-05-01-preview" --body '{ \"location\": \"{region-identifier}\", \"kind\": \"web\", \"properties\": { \"Application_Type\": \"web\", \"DisableIpMasking\": true } }' --headers "content-type=application/json"

Reference: https://learn.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest#az-rest()

Answer 3

The IP masking feature of Application Insights can be disabled.

Know your compliance requirements first before you do so!

There are two ways to do so:

First, make a REST call to reconfigure your existing App Insights instance

I suggest leveraging Azure CLI for that task, as you don't have to take care of the access token. Replace the missing values accordingly

• <sub-id>
• <rg-name>
• <resource location>

az rest --method patch \
        --url https://management.azure.com/subscriptions/<sub-id>/resourceGroups/<rg-name>/providers/microsoft.insights/components/<resource-name>?api-version=2018-05-01-preview \
        --body { \"location\": \"<resource location>\", \"kind\": \"web\", \"properties\": { \"Application_Type\": \"web\", \"DisableIpMasking\": true } }

Second, use a custom TelemetryInitializer

public class CloneIpAddress : ITelemetryInitializer
{
    public void Initialize(ITelemetry telemetry)
    {
        if (telemetry is ISupportProperties propTelemetry && !propTelemetry.Properties.ContainsKey("client-ip"))
        {
            var clientIPValue = telemetry.Context.Location.Ip;
            propTelemetry.Properties.Add("client-ip", clientIPValue);
        }
    }
}

And than don't forget to register the type with the DI container

services.AddSingleton<ITelemetryInitializer, CloneIpAddress>();

The IP address will show up as a custom dimension

Answer 4

https://learn.microsoft.com/en-us/azure/azure-monitor/app/data-model-context#client-ip-address

Client IP address The IP address of the client device. IPv4 and IPv6 are supported. When telemetry is sent from a service, the location context is about the user that initiated the operation in the service. Application Insights extract the geo-location information from the client IP and then truncate it. So client IP by itself cannot be used as end-user identifiable information.

Answer 5

This is by design because of GDPR. from this blog post in february:

Starting February 5, 2018, Application Insights will set all octets of the IP address collected by client/server side SDKs to Zero after looking up the City, Country and other geo location attributes. This strengthens privacy and is a change from the prior processing that set the last octet to Zero.

This change is being made to address customer concerns with IP address and the impact of GDPR.

Note:

• If you need the first 3 octets of the IP address, you can use telemetry initializer to add a custom attribute.

• This does not affect data collected prior to February 5, 2018.