Describe the issue you're experiencing: When traffic is forwarded via proxy the user's IP is not fetched
Provide detailed steps necessary to reproduce the issue: This is provided at the end
List any generated errors. (The "Oh Noes" error pages are very helpful.): None, but it is a flaw in a few ways (audit, security, etc.)
Include the URL the error occurred on, relative to the installation path, ie "/admin/login": Not really sure how to address this
Attach screenshots: See attached.
Include your configuration settings, i.e. OS, version of Blesta, PHP & MySQL: Blesta 3.0.3, PHP 5.4.9, MySQL 5.5.32
So, here's the thing. I run a KVM which allows me to set up my own little containers/virtual machines. To get web traffic to and fro easily I have Nginx sitting on the host and it proxies traffic to the appropriate private IP and port (see config further down). When Blesta goes to log an IP of any sort, it's a private IP due to this (either 127.0.0.1 [which I got in a "forgot password" email] or 10.0.3.1 [which is my virtual container's gateway IP]). As stated, this is an issue for audit, security and most likely other reasons. Here is my Nginx config for the appropriate information:
From my experience in dealing with detecting proxies, checking the headers for "X-Forwarded-For" is most common, and you can also check for "X-Real-IP" as well. An interesting bit though with Nginx is that it doesn't set the real IP in HTTP_X_REAL_IP. See here:
I know it's not a surefire way of fixing this issue but maybe check for more proxy headers or something? While I know my setup is technically custom (i.e.: specifying the headers nginx should pass), there could also be an option set in Blesta as to which header to check for, polling from a list of $_SERVER items or making it manually entered.
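An added example, not part of the original post and not Blesta's own code: one way to resolve the client address from the forwarding headers discussed above, honouring them only when the connection comes from a known proxy so the logged IP cannot be forged by a client. The names `resolve_client_ip` and `TRUSTED_PROXIES` are hypothetical, the trusted list is assumed from the two addresses named in the post, and the code assumes PHP 7 or later.

```php
<?php
// Assumption: the only proxies in front of the application are the two
// addresses mentioned in the post (loopback and the container gateway).
const TRUSTED_PROXIES = ['127.0.0.1', '10.0.3.1'];

/**
 * Return the client address for a request described by a $_SERVER-style array.
 * Forwarding headers are honoured only when the TCP peer (REMOTE_ADDR) is a
 * trusted proxy; otherwise any client could send them and forge the logged IP.
 */
function resolve_client_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted, true)) {
        return $peer; // direct connection: ignore client-supplied headers
    }

    // X-Forwarded-For is "client, proxy1, proxy2": each proxy appends the peer
    // it saw. Walk from the right and take the first hop that is not ours.
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
        foreach ($hops as $hop) {
            if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
                break; // malformed entry: stop reading the header
            }
            if (!in_array($hop, $trusted, true)) {
                return $hop;
            }
        }
    }

    // X-Real-IP holds a single address. This is only reliable if the proxy
    // sets the header itself; a client-sent value would otherwise pass through.
    $real = trim($server['HTTP_X_REAL_IP'] ?? '');
    if ($real !== '' && filter_var($real, FILTER_VALIDATE_IP) !== false) {
        return $real;
    }
    return $peer;
}

// Constructed sample requests; all public addresses are documentation ranges.
$samples = [
    'via proxy'      => ['REMOTE_ADDR' => '10.0.3.1', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    'forged prefix'  => ['REMOTE_ADDR' => '10.0.3.1', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 203.0.113.7'],
    'direct, forged' => ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'],
];
foreach ($samples as $label => $server) {
    printf("%-15s => %s\n", $label, resolve_client_ip($server));
}
```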
Question
velaware