Incident: Parameter "USE_CUSTOM_REMOTE_IP_HEADER" not working
-
Date Seen
13.03.2018
Versions
Ubuntu 16.04.4 LTS
Apache 2.4.18
Z-Push 2.4.0
Kopano 8.6.80
Bug Description
Since updating to Z-Push 2.4.0 the parameter “USE_CUSTOM_REMOTE_IP_HEADER” with option “HTTP_X_FORWARDED_FOR” is not working as expected. Z-Push is logging the ip from the reverse proxy instead of the forwarded ip.
// Use a custom header to determinate the remote IP of a client.
// By default, the server provided REMOTE_ADDR is used. If the header here set
// is available, the provided value will be used, else REMOTE_ADDR is maintained.
// set to false to disable this behaviour.
// common values: 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP' (casing is ignored)
define('USE_CUSTOM_REMOTE_IP_HEADER', 'HTTP_X_FORWARDED_FOR');
Mar 13 13:55:22 server z-push/core[15150]: [WARN] [dfsd] IP: 192.168.2.1 failed to authenticate user 'dfsd'
Severity
Minor
Steps to Reproduce
Enable the parameter “USE_CUSTOM_REMOTE_IP_HEADER” with option “HTTP_X_FORWARDED_FOR” and then check the apache logs. This is only reproducible if the webserver is behind a reverse proxy.
Actual Behavior
The reverse proxy ip is logged.
Expected Behavior
The forwarded ip is logged.
Troubleshooting/Testing Steps Attempted
I’ve tried to change the parameter to several settings without success. The apache server is logging the correct ip. I’ve set up a testsite within apache and the real ip is displayed within the header “HTTP_X_FORWARDED_FOR”.
Workaround
No workaround found yet.
-
Hi darootler,
apache_request_headers() function strips ‘HTTP_’ from the header name and replaces underscores with dashes. So in your case it should be X-FORWARDED-FOR.
Manfred
-
Thanks for the report. I have created a ticket for it https://jira.z-hub.io/browse/ZP-1373
-
Hi,
option “X-FORWARDED-FOR” is working as expected.
Thank you for creating the ticket and your help.
Regards
Richard
-
Hi,
I am using the following versions and I am not able to get the “real” ip:
Ubuntu 18.04.1 LTS
Apache 2.4.29
Z-Push 2.4.4
Kopano 8.6.81
Regards
Richard
-
Hi Richard,
a little bit more context here would be helpful. In your post 7 months ago you wrote that X-FORWARDED-FOR is working as expected.
What has changed since? What is the value of USE_CUSTOM_REMOTE_IP_HEADER in Z-Push config? Is there DEBUG log level entry like:
Using custom header 'HTTP_X_FORWARDED_FOR' to determine remote IP ...
Manfred
-
Hi Manfred,
I tried the “X-FORWARDED-FOR” and “HTTP_X_FORWARDED_FOR” for “USE_CUSTOM_REMOTE_IP_HEADER”. I installed Z-Push on a new system, so all components changed. The logs are always filled with the private reverse proxy ip.
Regards
Richard
-
Hi,
the value “X_FORWARDED_FOR” is working as expected. Is this wanted? Didn’t match the description:
// Use a custom header to determinate the remote IP of a client.
// By default, the server provided REMOTE_ADDR is used. If the header here set
// is available, the provided value will be used, else REMOTE_ADDR is maintained.
// set to false to disable this behaviour.
// common values: 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP' (casing is ignored)
Regards
Richard
-
Hi Richard,
@darootler said in Incident: Parameter "USE_CUSTOM_REMOTE_IP_HEADER" not working:
Hi,
the value “X_FORWARDED_FOR” is working as expected. Is this wanted? Didn’t match the description:
// Use a custom header to determinate the remote IP of a client.
// By default, the server provided REMOTE_ADDR is used. If the header here set
// is available, the provided value will be used, else REMOTE_ADDR is maintained.
// set to false to disable this behaviour.
// common values: 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP' (casing is ignored)
Regards
Richard

The description says “common values”, but it doesn’t mean that only these values are possible. It also depends if you’re using modphp or php-fpm, which webserver etc. Therefore USE_CUSTOM_REMOTE_IP_HEADER is configurable so that it can be changed to match one’s needs.
X_FORWARDED_FOR is also a common header: https://en.wikipedia.org/wiki/X-Forwarded-For
Manfred
-
Okay, thank you for your help.
Regards
Richard
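
The naming mismatch discussed in this thread (HTTP_X_FORWARDED_FOR, X-FORWARDED-FOR, X_FORWARDED_FOR), shown as an added example that is not part of the thread and is not Z-Push code: a lookup that accepts any of the three spellings and honours the header only when the connection comes from a known reverse proxy, since the logged IP is typically what ban and alerting rules key on. The function names, `$trustedProxies` and the sample request are hypothetical, and a single reverse proxy that appends the connecting address to the header is assumed.

```php
<?php
// Added example, not Z-Push code. normalizeHeaderName(), resolveClientIp()
// and $trustedProxies are hypothetical names.

// Reduce 'HTTP_X_FORWARDED_FOR', 'X_FORWARDED_FOR' and 'X-Forwarded-For'
// to one comparable form: 'X-FORWARDED-FOR'.
function normalizeHeaderName(string $name): string
{
    $name = strtoupper(str_replace('_', '-', trim($name)));
    return strpos($name, 'HTTP-') === 0 ? substr($name, 5) : $name;
}

function resolveClientIp(string $configured, array $server, array $headers, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    // The header is client-supplied unless our own proxy wrote it, so it is
    // honoured only when the TCP peer is a known reverse proxy.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    // Candidates: a header array ('X-Forwarded-For' style names) plus the
    // HTTP_* entries of $_SERVER ('HTTP_X_FORWARDED_FOR' style names).
    $candidates = $headers;
    foreach ($server as $key => $value) {
        if (strpos((string)$key, 'HTTP_') === 0) {
            $candidates[$key] = $value;
        }
    }
    $wanted = normalizeHeaderName($configured);
    foreach ($candidates as $key => $value) {
        if (normalizeHeaderName((string)$key) !== $wanted) {
            continue;
        }
        // With one trusted proxy, the rightmost entry is the address that
        // proxy saw; entries to its left were sent by the client.
        $parts = array_map('trim', explode(',', (string)$value));
        $ip = end($parts);
        if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            return $ip;
        }
    }
    return $remote; // header missing or malformed: keep REMOTE_ADDR
}

// Constructed sample request: proxy 192.168.2.1, client-sent entry first.
$server = ['REMOTE_ADDR' => '192.168.2.1', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9, 203.0.113.7'];
foreach (['HTTP_X_FORWARDED_FOR', 'X-FORWARDED-FOR', 'X_FORWARDED_FOR'] as $configured) {
    echo $configured, ' => ', resolveClientIp($configured, $server, [], ['192.168.2.1']), PHP_EOL;
}
```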