Logging LAN IP address

milauria

When doing ‘z-push-top’ I noticed that my iDevices syncing from within my LAN 192.168.x.x show as connecting from the static public IP of my LAN.

I played with the following setting but no result, true or false, it shows my public IP (that’s is ok as I am not behind a proxy):

// When accessing through a proxy, the "X-Forwarded-For" header contains the original remote IP
   define('USE_X_FORWARDED_FOR_HEADER', false);

My z-push is running on Centos7+Nginx directly exposed to the internet (and to the LAN) … any idea ho to log the LAN IP for LAN-connected devices ?

umgfoin

As we don’t have direct access to your LAN, tell us about it…

• where’s your z-push-host: LAN, different LAN, WAN?
• “static”-IP = public-IP?
• Do you use NAT in your LAN2WAN-router?

NGINX might set theHTTP_X_REAL_IP header instead of HTTP_X_FORWARDED_FOR.
With current z-push-implementation (2.3.9beta), the HTTP_X_REAL_IP-header seems to be evaluated correctly, even with USE_X_FORWARDED_FOR_HEADER unset. With earlier version, this was not the case.
Nevertheless, you will see public-interface V4IPs for NATed clients. IPV6 clients are shown with their device-ip.

Ref ZP-1183 and here How to protect webapp -- fail2ban

++umgfoin.

milauria

Thanks for the answer and let me clarify

Z-push and nginx both sit on the same server with LAN IP eg 192.168.0.100 (as side note my mail server sits on another LAN IP eg 192.168.0.110).

The z-push/nginx connects through a router to the internet that has a static ‘public IP’ and the nginx does not act as a reverse proxy in front of z-push (same server).

Problem is z-push-top shows the iPhone with the ‘public IP’ instead of the device ‘LAN IP’ (when the device is connected through the LAN Wifi)

Where should I try the HTTP_X_REAL_IP header that you suggest ? in Nginx conf ? what would be the complete syntax ? Is it maybe a hosts or DNS problem ? Should I try the 2.3.9 alpha ?

milauria

Seems I am going nowhere and thinking to ditch Nginx in favour of stock Apache … configuring Nginx seems uber-complicated :-(
So this is my conf:

location ~* /Microsoft-Server-ActiveSync {
            access_log  /var/log/nginx/z-push-access.log;
            error_log   /var/log/nginx/z-push-error.log;
            fastcgi_param SCRIPT_FILENAME /usr/share/z-push/index.php;
            fastcgi_param   PHP_FLAG "magic_quotes_gpc=off \n register_globals=off \n magic_quotes_runtime=off \n short_open_tag=on";
            fastcgi_param   PHP_VALUE "post_max_size=20M \n upload_max_filesize=20M \n max_execution_time=3660";
            fastcgi_param   HTTP_PROXY ""; # Mitigate https://httpoxy.org/ vulnerabilities
            fastcgi_read_timeout 3540; # Z-Push Ping might run 3600s, but to be safe
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            include fastcgi_params;
            real_ip_header HTTP_X_REAL_IP;
    }

I have tried all possible combination of 'real_ip_header" with no changes being observed… Z-push logs devices on LAN as if they are connecting from public IP

milauria

For the records I found out the problems was on the phone DNS settings … problem clarified