Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
proget - Enhancement request: show value of X-Forwarded-For header
-
Hi guys,
If running proget behind a reverse-proxy (or a load-balancer), currently the IP address of that reverse-proxy is shown if some client-related error (or exception) happens.
I had some cases where a client (apt) in the local net was misconfigured and sent requests to obsolete feeds. In order to figure out which client was the culprit, I had to correlate log timestamps from proget and the reverse-proxy.Therefore:
It would be very useful, to use the value of the
X-Forwarded-For
http header (if it exists) when generating Warnings or Exceptions in the logs. So the actual IP-Address of the client causing an error would be shown instead of the proxy address. This also should be configurable to happen only, if the remote address (or perhaps a subnet in case of load balancers) is a proxy known to the administrator in order to prevent spoofing by malicious users.At least apache and caddy set this header by default, if running in reverse proxy mode. Nginx can do that with a single line in the config which is well documented:
proxy_set_header X-Forwarded-For $remote_addr;
What do you think?
Cheers
-Fritz
-
Hi @felfert,
So far as I can tell, the IP isn't currently logged in these messages... I can see how that would be helpful.
I can certainly do that (which would then show the X-Forwarded when available), but I wanted to make sure I'm looking in the right place. Because I don't see IP info now.
Thanks,
Alana
-
@atripp I did write this from memory and I don't recall where exactly I saw the IP logged. But I usually look only in two places:
- Diagnostic center
- Stdout/Stderr of the docker container which the podmad quadlets conveniently log into the host's system journal.
Unfortunately the system journal has just been rotated (1st of September) and I keep old logs only for the last month so I looked into the August logs, but the error (something reladed to an old Debian feed) wasn't in there either. Must have happened before.
Anyway, it would be very useful if you log either the remote-ip or (if exists) the X-Forwarded-For header value.
Something like this (pseudo code based on C):
printf("some error from %s", (xForwardedValue && strlen(xForwardedValue)) ? xForwardedValue : remoteIp);
Cheers
-Fritz
-