NGINX X-Forwarded-For not working

[W0nderW0lf]

Hello everyone,

I experience that my Server with fail2ban - bans the proxy instead of the attacker.
I thought the header X-Forwarded-For has been hardcoded into NGINX. Either it's a bug, or it's an option I can't find.
Any idea where to set the header, or is this something for a bugreport?

[Fright]

Hi
yes, X-Forwarded-For is added by default
https://github.com/opnsense/plugins/blob/0be58a3abbad1ea1518a8b810cd6261b7bf5d878/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/location.conf#L163-L167
are you sure that you using this header values wright (header contains source and proxy(ies) address(es))?

[W0nderW0lf]

Hi Fright,

I have not edited the header configs. If it's default, most of my proxy config for this one host is too.
Do you think I have to change the incoming header (on the server with fail2ban) to read explicitly the source adress?
Any idea where I can filter this on my server?

[fabian]

X-REAL-IP delivers the source IP address of the connection to nginx.

[Fright]

@W0nderW0lf
Hi
i think you need to look at your backend access log for actual XFF header value (logging or behavior may be set differently on different backends (say IIS vs Apache): may contain quotes or multiple addresses or something else) and adapt the fail2ban filter according to the XFF log format

[W0nderW0lf]

Hi, thanks guys.
So many options, I overlooked that there is this "Real IP Source" in HTTP Server config. I've set it to X-Forwarded-For. I hope this will do the trick.

[fabian]

This is for the case, where OPNsense is behind a Proxy.