Project

General

Profile

Bug #32019

all requests are logged as coming from 127.0.0.1 in production.log

Added by Evgeni Golov 4 months ago. Updated about 2 months ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Ohai,

this is on EL7 nightly, but I think all puma deploys are affected.

My production.log is full of

2021-03-05T08:57:04 [I|app|e0cfbd4f] Started GET "/users/login" for 127.0.0.1 at 2021-03-05 08:57:04 +0000

Whereas I'd expect to see the real IP address of the remote system here. Apache logs look correct:

192.168.122.1 - - [05/Mar/2021:08:57:04 +0000] "GET /users/login HTTP/1.1" 200 1283 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0" 

Related issues

Related to Foreman - Feature #30779: Use ActionDispatch::RemoteIp when working as a reverse proxyClosed

History

#1 Updated by Ewoud Kohl van Wijngaarden 4 months ago

I believe https://github.com/theforeman/foreman/pull/7960 (#30779) is needed to fix this. Then it would properly understand the remote IP set via HTTP headers. The challenge there is to do it securely and not break Katello.

#2 Updated by Ewoud Kohl van Wijngaarden 4 months ago

  • Related to Feature #30779: Use ActionDispatch::RemoteIp when working as a reverse proxy added

#3 Updated by Marek Hulán 3 months ago

  • Category set to Authentication

#4 Updated by Marek Hulán 3 months ago

  • Bugzilla link set to 1939944

#5 Updated by Marek Hulán 3 months ago

  • Status changed from New to Closed
  • Fixed in Releases 2.5.0 added
  • Pull request https://github.com/theforeman/foreman/pull/7960 added

turned out to be a dupe, closing and linked the fixing PR.

#6 Updated by Tomer Brisker about 2 months ago

  • Status changed from Closed to Duplicate

Also available in: Atom PDF