OPNsense Forum

English Forums => General Discussion => Topic started by: W0nderW0lf on July 22, 2022, 11:42:26 am

Title: NGINX X-Forwarded-For not working
Post by: W0nderW0lf on July 22, 2022, 11:42:26 am
Hello everyone,

I am experiencing that my server with fail2ban bans the proxy instead of the attacker.
I thought the header X-Forwarded-For has been hardcoded into NGINX. Either it's a bug, or it's an option I can't find.
Any idea where to set the header, or is this something for a bug report?
Title: Re: NGINX X-Forwarded-For not working
Post by: Fright on July 22, 2022, 02:01:29 pm
Hi
yes, X-Forwarded-For is added by default
https://github.com/opnsense/plugins/blob/0be58a3abbad1ea1518a8b810cd6261b7bf5d878/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/location.conf#L163-L167
Are you sure that you are using this header's values right (the header contains source and proxy(ies) address(es))?
Title: Re: NGINX X-Forwarded-For not working
Post by: W0nderW0lf on July 23, 2022, 01:04:41 am
Hi Fright,

I have not edited the header configs. If it's default, most of my proxy config for this one host is too.
Do you think I have to change the incoming header (on the server with fail2ban) to explicitly read the source address?
Any idea where I can filter this on my server?
Title: Re: NGINX X-Forwarded-For not working
Post by: fabian on July 23, 2022, 08:47:31 am
X-REAL-IP delivers the source IP address of the connection to nginx.
Title: Re: NGINX X-Forwarded-For not working
Post by: Fright on July 23, 2022, 11:00:55 am
@W0nderW0lf
Hi
I think you need to look at your backend access log for the actual XFF header value (logging or behavior may be set differently on different backends (say IIS vs Apache): it may contain quotes or multiple addresses or something else) and adapt the fail2ban filter according to the XFF log format.
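
An added example, not part of the original thread or of the OPNsense plugin: one way to choose the address to ban from a backend log line that records XFF. Assumptions: the proxy address (192.0.2.1), the log layout (XFF as the last quoted field), and that the proxy appends the connecting address to any XFF value the client sent; all sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: only this address (the nginx proxy) is allowed to supply XFF.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.1/32")]
# Assumption: combined-style log line with XFF logged as the last quoted field.
LINE_RE = re.compile(r'^(?P<peer>\S+) .*" (?P<status>\d{3}) \d+ "(?P<xff>[^"]*)"$')

def _trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer, xff):
    """Return the address to act on, or None if it cannot be determined."""
    try:
        peer_ip = ipaddress.ip_address(peer)
    except ValueError:
        return None
    if not _trusted(peer_ip):
        return str(peer_ip)           # direct connection: XFF is client-supplied, ignore it
    for hop in reversed(xff.split(",")):  # rightmost entries were added by proxies
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            return None               # "-", "unknown", junk: never fall back to the proxy
        if not _trusted(ip):
            return str(ip)            # first untrusted hop from the right is the client
    return None                       # request originated from the proxy itself

def failed_logins(lines):
    """Count HTTP 401 responses per real client address."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["status"] == "401":
            ip = client_ip(m["peer"], m["xff"])
            if ip:
                hits[ip] += 1
    return hits

SAMPLE = [  # constructed log lines
    '192.0.2.1 - - [22/Jul/2022:11:42:26 +0200] "POST /login HTTP/1.1" 401 512 "203.0.113.50"',
    '192.0.2.1 - - [22/Jul/2022:11:42:27 +0200] "POST /login HTTP/1.1" 401 512 "198.51.100.7, 203.0.113.50"',
    '203.0.113.99 - - [22/Jul/2022:11:42:28 +0200] "POST /login HTTP/1.1" 401 512 "198.51.100.7"',
    '192.0.2.1 - - [22/Jul/2022:11:42:29 +0200] "POST /login HTTP/1.1" 401 512 "-"',
    '192.0.2.1 - - [22/Jul/2022:11:42:30 +0200] "GET / HTTP/1.1" 200 1024 "203.0.113.50"',
]

if __name__ == "__main__":
    print(failed_logins(SAMPLE))
```

Taking the leftmost XFF entry instead would count the second sample line against 198.51.100.7, a value the client chose itself.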
Title: Re: NGINX X-Forwarded-For not working
Post by: W0nderW0lf on July 24, 2022, 09:15:21 am
Hi, thanks guys. :)
So many options, I overlooked that there is this "Real IP Source" in HTTP Server config. I've set it to X-Forwarded-For. I hope this will do the trick.
Title: Re: NGINX X-Forwarded-For not working
Post by: fabian on July 24, 2022, 07:05:59 pm
This is for the case where OPNsense is behind a proxy.