Zimbra: unable to get rid of DoSFilter trapping



  • @maxxer said in Zimbra: unable to get rid of DoSFilter trapping:

    In Zimbra I’ve whitelisted the server public IP address, localhost addresses and the office IP.

    Did you also whitelist the Z-Push server IP address? That is the most important one.



  • Yes, of course the zpush and zimbra itself public IPs are whitelisted, v4 and v6.

    Unfortunately I currently don’t have an apache set up, I must install it. I checked another installation I have and it seems the IP is doubled every time.



  • I managed to work around the issue by setting ZIMBRA_URL directly to Jetty on port 8443, instead of passing through nginx. Now the logged oip is the correct one and it’s not joined with nginx’s IP.

    I still have to figure out why zimbra is logging the two IP addresses together, but in the meantime I’m not trapped by DoSFilter



  • @maxxer said in Zimbra: unable to get rid of DoSFilter trapping:

    I managed to work around the issue by setting ZIMBRA_URL directly to Jetty on port 8443, instead of passing through nginx. Now the logged oip is the correct one and it’s not joined with nginx’s IP.

    I still have to figure out why Zimbra is logging the two IP addresses together, but in the meantime I’m not trapped by DoSFilter

    Hi, could you please share the steps on how to do this :

    setting `ZIMBRA_URL` directly to Jetty on port 8443, instead of passing through nginx.
    

    I’m trying to solve an issue on my single server setup, and this could help.

    Thank you.

    Regards.
    JG



  • @jasgggit just set as ZIMBRA_URL https://your.domain.com:8443 instead of the plain https port. this skips nginx, and at least Zimbra logs will see the original IP



  • @maxxer said in Zimbra: unable to get rid of DoSFilter trapping:

    @jasgggit just set as ZIMBRA_URL https://your.domain.com:8443 instead of the plain https port. this skips nginx, and at least Zimbra logs will see the original IP

    Thanks for the reply.
    I’ll check it, but since I’m using the 443 port as ZIMBRA_URL “https:/my.zimbra.com” , you saying if I specify the port as 8443 it should go to the jetty instead of Nginx ?

    I’l try nevertheless, thank you.
    Regards.
    JG



  • you saying if I specify the port as 8443 it should go to the jetty instead of Nginx ?

    yes!



  • @maxxer said in Zimbra: unable to get rid of DoSFilter trapping:

    I managed to work around the issue by setting ZIMBRA_URL directly to Jetty on port 8443, instead of passing through nginx. Now the logged oip is the correct one and it’s not joined with nginx’s IP.

    I still have to figure out why zimbra is logging the two IP addresses together, but in the meantime I’m not trapped by DoSFilter

    Beware of pointing z-push directly at jetty as the authentication is all handled by the nginx proxy. You will likely have issues downloading attachments and accessing shared folders - particularly if you have a multi-server environment.



  • @liverpoolfcfan said in Zimbra: unable to get rid of DoSFilter trapping:

    Beware of pointing z-push directly at jetty as the authentication is all handled by the nginx proxy. You will likely have issues downloading attachments and accessing shared folders - particularly if you have a multi-server environment.

    I know it’s not correct but I’m unable to understand why it keeps logging two IPs, and thus blacklisting the Z-Push IP.

    Do you have the same logging format?



  • I use Apache for z-push - so that is an obvious place to look for you to start as you are using NGinx

    In my mailbox.log file the entries show 2 IP Addresses - oip=Device_IP, Z-Push-Server_IP;

    I do not have anything set in the z-push config file for
    // define(‘USE_CUSTOM_REMOTE_IP_HEADER’, ‘X-FORWARDED-FOR’);
    // define(‘USE_X_FORWARDED_FOR_HEADER’, true);
    Both are commented out.

    I have no issues with the DosFilter.


Log in to reply