[Xymon] Use X-Forwarded-For header for client IP?

René Vermare rene at vermare.net
Fri Jun 25 19:34:46 CEST 2021


Hi,

You can also use this patch.

Cheers,

René

Op donderdag 24-06-2021 om 18:41 uur [tijdzone +1000], schreef Jeremy
Laidman:
> Hi Shawn
> 
> 
> Xymon's enadis CGI gets the IP address from the webserver's
> REMOTE_HOST or REMOTE_ADDR variables. Depending on the web server
> you're using, there may be zero or more ways to make this work.
> 
> 
> For instance, there are Apache modules that can do this: mod_rpaf
> (reverse proxy add forward), mod_extract_forwarded and mod_remoteip
> (the latter seemingly the most common method, but also seems to be the
> most feature-full = complicated). Also, it's possible to use SetEnvIf
> to capture the IP address from the header and assign it to REMOTE_ADDR
> (although note that there can be multiple IP addresses in an
> X-Forwarded-For value if there are multiple proxies in a chain so
> you'd want to extract the first (left-most) IP to get the client IP).
> 
> 
> Be warned that it's trivial for an attacker to create an
> X-Forwarded-For header, so your reverse proxies should strip this
> header if it exists, before adding their own. There may be other
> implications.
> 
> 
> Cheers
> Jeremy
> 
> 
> 
> On Wed, 23 Jun 2021 at 13:27, Shawn Heisey <hobbit at elyograg.org>
> wrote:
> 
>         I have all my websites behind a reverse proxy.  For those who
>         might be 
>         interested, it's haproxy.  I'm using it because it handles all
>         the TLS 
>         and can be easily configured to handle DDOS attacks.
>         
>         Is it difficult to get xymon to use the X-Forwarded-For
>         header?  Did 
>         some googline and came up empty.  I have some disabled tests,
>         and this 
>         is what it says:
>         
>         Disabled by: elyograg @ 127.0.0.1
>         
>         I would like to see the real IP address there.  I've got Xymon
>         4.3.28 
>         installed from source.
>         
>         Thanks,
>         Shawn
>         
>         _______________________________________________
>         Xymon mailing list
>         Xymon at xymon.com
>         http://lists.xymon.com/mailman/listinfo/xymon
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon

_____________________________________________________
This message has been scanned for viruses with ClamAV
at vermare.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xymon4329-x_forwarded.patch
Type: text/x-patch
Size: 999 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20210625/2786ba35/attachment.bin>


More information about the Xymon mailing list