• When doing ‘z-push-top’ I noticed that my iDevices syncing from within my LAN 192.168.x.x show as connecting from the static public IP of my LAN.

    I played with the following setting but no result, true or false, it shows my public IP (that’s is ok as I am not behind a proxy):

    // When accessing through a proxy, the "X-Forwarded-For" header contains the original remote IP
       define('USE_X_FORWARDED_FOR_HEADER', false);

    My z-push is running on Centos7+Nginx directly exposed to the internet (and to the LAN) … any idea ho to log the LAN IP for LAN-connected devices ?

  • As we don’t have direct access to your LAN, tell us about it…

    • where’s your z-push-host: LAN, different LAN, WAN?
    • “static”-IP = public-IP?
    • Do you use NAT in your LAN2WAN-router?

    NGINX might set theHTTP_X_REAL_IP header instead of HTTP_X_FORWARDED_FOR.
    With current z-push-implementation (2.3.9beta), the HTTP_X_REAL_IP-header seems to be evaluated correctly, even with USE_X_FORWARDED_FOR_HEADER unset. With earlier version, this was not the case.
    Nevertheless, you will see public-interface V4IPs for NATed clients. IPV6 clients are shown with their device-ip.

    Ref ZP-1183 and here How to protect webapp -- fail2ban


  • Thanks for the answer and let me clarify

    Z-push and nginx both sit on the same server with LAN IP eg (as side note my mail server sits on another LAN IP eg

    The z-push/nginx connects through a router to the internet that has a static ‘public IP’ and the nginx does not act as a reverse proxy in front of z-push (same server).

    Problem is z-push-top shows the iPhone with the ‘public IP’ instead of the device ‘LAN IP’ (when the device is connected through the LAN Wifi)

    Where should I try the HTTP_X_REAL_IP header that you suggest ? in Nginx conf ? what would be the complete syntax ? Is it maybe a hosts or DNS problem ? Should I try the 2.3.9 alpha ?

  • Seems I am going nowhere and thinking to ditch Nginx in favour of stock Apache … configuring Nginx seems uber-complicated :-(
    So this is my conf:

    location ~* /Microsoft-Server-ActiveSync {
                access_log  /var/log/nginx/z-push-access.log;
                error_log   /var/log/nginx/z-push-error.log;
                fastcgi_param SCRIPT_FILENAME /usr/share/z-push/index.php;
                fastcgi_param   PHP_FLAG "magic_quotes_gpc=off \n register_globals=off \n magic_quotes_runtime=off \n short_open_tag=on";
                fastcgi_param   PHP_VALUE "post_max_size=20M \n upload_max_filesize=20M \n max_execution_time=3660";
                fastcgi_param   HTTP_PROXY ""; # Mitigate https://httpoxy.org/ vulnerabilities
                fastcgi_read_timeout 3540; # Z-Push Ping might run 3600s, but to be safe
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                include fastcgi_params;
                real_ip_header HTTP_X_REAL_IP;

    I have tried all possible combination of 'real_ip_header" with no changes being observed… Z-push logs devices on LAN as if they are connecting from public IP

  • For the records I found out the problems was on the phone DNS settings … problem clarified