Remote ip-Support through a Proxy
I access my webmail through an Apache web-proxy. and the requesting IP in the log file is set to a local address.
Here's an example entry:
Code:
08-04-2016 17:26:05 2016-04-08 17:26:05 +0200 02 servername WEBMAIL:0003397B: Authentication error for user 'user@mydomain.de': Invalid password from 127.0.0.1
My Apache Virtual-Host:
Code:
<VirtualHost mail.mydomain.de:80>
ServerName mail.mydomain.de
ProxyPreserveHost On
ProxyRequests Off
ProxyVia Off
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.0/8
RewriteEngine On
RewriteRule ^/(.*) http://127.0.0.1:8080/$1 [P]
RequestHeader set X-Forwarded-For on
</VirtualHost>
I want to add a Fail2Ban routine on my failed logon attemps, but I can not block an unwanted IP in cause of the local address everytime.
Please add support fot the X-Forwarded-For field in the HTTP-Header.
Support for X-Forwarded-For is available starting with Axigen 10.3.3.3.
On another note, Proxy Protocol support will be also added in Axigen X4 (although it’s debatable whether or not it’s part of the scope of this feature request).
-
Bradley Silverman commented
Hi Gabriel, thanks for adding this in and letting us know about Proxy Protocol, any ETA on X4, can't wait to get Proxy Protocol to fix the out logging!
-
Jonathan commented
It would be better to use 'Proxy Protocol' than 'X-Forwarded-For' since X-Forwarded-For only works for HTTP from my understanding. Where as Proxy Protocol will cover SMTP, POP & IMAP as well?
-
nisar commented
are you kidding me?????????? Please add support fot the X-Forwarded-For
-
Joel commented
Nginx uses proxy_protocol but I believe we can use it to send X-Forward-For as well.
Basically anything that made Axigen aware of a secondary IP. I'm surprised we don't have this for people that want to use Proxies, Load balancers, and any thing else that might require it! -
Kyle Vail commented
Is there any movement on this idea? Looking at a cluster but without proper IP forwarding from some sort of load balancer we can't really do much.
-
Bradley Silverman commented
Double up of this request:
https://axigen.uservoice.com/forums/294255-general/suggestions/13879920-remote-ip-support-through-a-proxy -
Bradley Silverman commented
This is a a huge missing feature, especially for anyone using Axigen as a cluster like we are.
We have a load balancer in front of our Front End nodes, as per Axigen's recommended configuration, however the IP in the logs of the Axigen cluster all show the internal IP of the Load Balancer.
All Load balancers I've seen support 'X-Forwarded-For' but when enabled Axigen doesn't use it.
Please implement :) -
Anonymous commented
Hi, i'd like the Axigen Imap/Pop/Smtp Proxy to be able to understand the PROXY protocol from HAproxy.
In this way we could use HAproxy load balancer in front of frontend nodes (proxy nodes) giving up on logging the real client IP.
As of now, whichever the application load balancer we use, all the Axigen nodes see the connection coming from the balancer, instead of coming from the client ip.