[Xymon] Use X-Forwarded-For header for client IP?

Jeremy Laidman jeremy at laidman.org
Thu Jun 24 10:41:20 CEST 2021


Hi Shawn

Xymon's enadis CGI gets the IP address from the webserver's REMOTE_HOST or
REMOTE_ADDR variables. Depending on the web server you're using, there may
be zero or more ways to make this work.

For instance, there are Apache modules that can do this: mod_rpaf (reverse
proxy add forward), mod_extract_forwarded and mod_remoteip
<https://httpd.apache.org/docs/current/mod/mod_remoteip.html> (the latter
seemingly the most common method, but also seems to be the most
feature-full = complicated). Also, it's possible to use SetEnvIf to capture
the IP address from the header and assign it to REMOTE_ADDR (although note
that there can be multiple IP addresses in an X-Forwarded-For value if
there are multiple proxies in a chain so you'd want to extract the first
(left-most) IP to get the client IP).

Be warned that it's trivial for an attacker to create an X-Forwarded-For
header, so your reverse proxies should strip this header if it exists,
before adding their own. There may be other implications.

Cheers
Jeremy


On Wed, 23 Jun 2021 at 13:27, Shawn Heisey <hobbit at elyograg.org> wrote:

> I have all my websites behind a reverse proxy.  For those who might be
> interested, it's haproxy.  I'm using it because it handles all the TLS
> and can be easily configured to handle DDOS attacks.
>
> Is it difficult to get xymon to use the X-Forwarded-For header?  Did
> some googling and came up empty.  I have some disabled tests, and this
> is what it says:
>
> Disabled by: elyograg @ 127.0.0.1
>
> I would like to see the real IP address there.  I've got Xymon 4.3.28
> installed from source.
>
> Thanks,
> Shawn
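The spoofing caveat in the reply above, worked through as an added example (not code from this thread or from Xymon): it resolves the client address by walking X-Forwarded-For from the right and stopping at the first address that is not a trusted proxy, so an entry supplied by the client is never believed. The helper names, the trusted-proxy list and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

# Assumption: the only proxy allowed to vouch for a client runs on localhost,
# matching the 127.0.0.1 seen in the thread. Adjust for a real deployment.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted if net.version == addr.version)


def resolve_client_ip(remote_addr, xff_values, trusted=TRUSTED_PROXIES):
    """Pick the address to record as the client (hypothetical helper).

    remote_addr: TCP peer address seen by the web server (REMOTE_ADDR).
    xff_values:  every X-Forwarded-For header line on the request, in order.
    """
    peer = ipaddress.ip_address(remote_addr)
    # A peer that is not one of our proxies cannot vouch for anyone:
    # ignore whatever header it sent.
    if not _is_trusted(peer, trusted):
        return str(peer)

    # Several header lines are equivalent to one comma-joined list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]

    client = peer
    # Right to left: the right-most entry was appended by our own proxy.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # unparseable entry: keep the last address we could verify
        client = addr
        if not _is_trusted(addr, trusted):
            break  # first address outside our control is the client
    return str(client)


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For header lines).
    samples = [
        ("127.0.0.1", ["203.0.113.7"]),            # proxy stripped and re-added
        ("127.0.0.1", ["10.9.9.9, 203.0.113.7"]),  # client-supplied entry kept
        ("198.51.100.20", ["127.0.0.1"]),          # direct hit, forged header
    ]
    for peer, xff in samples:
        print(peer, xff, "->", resolve_client_ip(peer, xff))
```

In the second sample the left-most entry is the one the client supplied, which is why the proxy needs to strip the incoming header if the left-most value is going to be used.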