Bug #26847: Brute-force protection being triggered using haproxy - Foreman

Actions

Copy link

Bug #26847

open

Brute-force protection being triggered using haproxy

Added by Luis Pigueiras over 5 years ago. Updated over 5 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Authentication

Target version:

Difficulty:

Triaged:

Yes

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

When using a haproxy in front of Foreman, the IP that is being checked in failed logins is the one for haproxy. So 30 authentications in 5 minutes coming from the same haproxy blocks all the logins coming from that haproxy.

https://github.com/theforeman/foreman/blob/7995d863de877ba9aa6071c6943d528ce591df07/app/controllers/concerns/foreman/controller/bruteforce_protection.rb#L5

Should it use request.remote_ip instead of request.ip to make it work with X-Forwarded-For headers?

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #26847

Brute-force protection being triggered using haproxy

Updated by Lukas Zapletal over 5 years ago