NGINX X-Forwarded-For not working

Started by W0nderW0lf, July 22, 2022, 11:42:26 AM

Hello everyone,

I'm seeing that my server with fail2ban bans the proxy instead of the attacker.
I thought the header X-Forwarded-For has been hardcoded into NGINX. Either it's a bug, or it's an option I can't find.
Any idea where to set the header, or is this something for a bug report?

Hi
Yes, X-Forwarded-For is added by default:
https://github.com/opnsense/plugins/blob/0be58a3abbad1ea1518a8b810cd6261b7bf5d878/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/location.conf#L163-L167
Are you sure that you are using this header's values right (the header contains the source and proxy(ies) address(es))?

Hi Fright,

I have not edited the header configs. If it's default, most of my proxy config for this one host is too.
Do you think I have to change the incoming header (on the server with fail2ban) to explicitly read the source address?
Any idea where I can filter this on my server?

X-REAL-IP delivers the source IP address of the connection to nginx.

@W0nderW0lf
Hi
I think you need to look at your backend access log for the actual XFF header value (logging or behavior may be set differently on different backends, say IIS vs Apache: it may contain quotes, multiple addresses, or something else) and adapt the fail2ban filter according to the XFF log format.
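
An added illustration, not part of the thread: the sketch below picks the address a ban should act on from a backend log line whose X-Forwarded-For field may hold several addresses, reading the chain right to left because each proxy appends the peer it saw and the leftmost entries can be set by the client. The proxy addresses, the log layout and the sample lines are assumptions constructed for the example.

```python
import ipaddress
import re

# Hypothetical addresses of the reverse proxies in front of the backend.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.20/32")]

# Assumed log layout: peer address first, X-Forwarded-For as the last quoted field.
LINE_RE = re.compile(r'^(?P<peer>\S+) .*"(?P<xff>[^"]*)"\s*$')

def is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def client_address(peer, xff):
    """Return the address to act on, or None when no hop can be trusted."""
    try:
        peer_ip = ipaddress.ip_address(peer)
    except ValueError:
        return None
    if not is_trusted(peer_ip):
        return str(peer_ip)  # not via our proxy: the header is client-controlled
    # Walk the chain right to left and stop at the first hop that is not
    # one of our own proxies.
    for hop in reversed(xff.split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip().strip('"'))
        except ValueError:
            return None  # "-", "unknown" or junk: nothing safe to ban
        if not is_trusted(ip):
            return str(ip)
    return None  # only proxies in the chain, so never ban the proxy itself

def address_from_line(line):
    m = LINE_RE.match(line)
    return client_address(m["peer"], m["xff"]) if m else None

# Constructed sample log lines (not taken from the thread).
PREFIX = ' - - [22/Jul/2022:11:40:01 +0000] "POST /login HTTP/1.1" 401 512 '
SAMPLE = [
    '192.0.2.10' + PREFIX + '"203.0.113.7"',              # one hop
    '192.0.2.10' + PREFIX + '"10.0.0.1, 203.0.113.7"',    # leftmost forged by client
    '192.0.2.10' + PREFIX + '"203.0.113.7, 192.0.2.20"',  # two proxies chained
    '198.51.100.99' + PREFIX + '"192.0.2.10"',            # direct hit, header ignored
    '192.0.2.10' + PREFIX + '"-"',                        # header missing
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(address_from_line(line))
```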

Hi, thanks guys. :)
So many options, I overlooked that there is this "Real IP Source" in HTTP Server config. I've set it to X-Forwarded-For. I hope this will do the trick.

This is for the case, where OPNsense is behind a Proxy.