Pending Review

Audit log captures proxy IP address

Tyler 7 months ago updated by CJTC 6 months ago 2

Recently I tried locking down my server to a few trusted IP addresses. I was able to find the setting for this using the Advanced Configuration Editor extension but after setting it I was locked out. I reverted my virtual machine back and took a closer look at the Audit log and found that CW Control is capturing the IP address of my proxy server instead of the IP address of my system that is connecting through the reverse proxy. That's why I was locked out when I set the trusted IP addresses earlier.

I have dealt with this in the past for other servers I run. For example, if the server is utilizing NGINX I know adding the something like these lines in the virtual host file will allow the real IP address to flow through from the reverse proxy:

set_real_ip_from ;

real_ip_header X-Forwarded-For;

I haven't been able to find a setting similar to this in the Admin tab or through any extensions. It would be great if the equivalent options would be added to CW Control.

Here is a correction to my NGINX example:
set_real_ip_from <reverse proxy IP address>;

real_ip_header X-Forwarded-For;

Yeah, SC doesn't support X-Forwarded-For or use with web proxies. I hope this changes, but I'm not aware of any movement on this over the past couple of years.