View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002229||SOGo||Backend General||public||2013-02-05 10:07||2013-02-07 13:02|
|Fixed in Version||2.0.5|
|Summary||0002229: X-Forwarded-For in sogo.log of fail2ban|
In a proxy setup the sogo.log does not show the ip of the acutal client.
Printing the X-Forwarded-For into the logile would help to secure sogo via fail2ban (http://www.fail2ban.org)
To secure the account via LDAP password retries is no good solution, because DOS is possible.
I would be able and willing to implement and post fail2ban configuration, after the implementation of this feature request.
|Tags||No tags attached.|
Fixed with this commit: https://github.com/inverse-inc/sope/commit/b45dbb52984cc5dd62c5a5e589f164dbbc26309f
This will be part of the next nightly build, can you test it and confirm that it works as expected?
If you prepare a fail2ban config, consider posting it (mailling list or here), we could include it in the distribution.
sogo_mod.log (1,151 bytes)
This would do for my purpose, however I would need to write a script to put together the multiline-output to a single-lined-file, as fail2ban does single-line regexp, only. This could be achieved putting the IP into the error line of the password policy:
Than, the regexp for fail2ban is quite ovious:
so: can you please add a "from '<HOST>'" to the logfile - should be sogod?
ps.: when it works, i'll be happy to provid full fail2ban config for the distro.
Feb 06 09:22:14 sogod : SOGoRootPage successful login from '192.168.1.31' for user 'sogo2' - expire = -1 grace = -1
As per the commit message, keep in mind that the x-forwarded-for header may contain more than one ip separated by a coma if the request went through more than one proxy.
Now thats awesome, thank you!
I will then hopefully be able to support comma separated ips for multi-hops, or at least to use the first one (orignial client), only.
Thank you very much, I think this feature request is compleated now!
|2013-02-05 10:07||Arnd||New Issue|
||Status||new => assigned|
||Assigned To||=> jraby|
||Note Added: 0005340|
||Status||assigned => feedback|
|2013-02-06 02:55||Arnd||File Added: sogo_mod.log|
|2013-02-06 02:56||Arnd||Note Added: 0005352|
|2013-02-06 02:57||Arnd||Note Edited: 0005352|
|2013-02-06 03:01||Arnd||Note Edited: 0005352|
||Note Added: 0005354|
|2013-02-06 10:15||Arnd||Note Added: 0005358|
|2013-02-07 06:07||Arnd||Note Added: 0005369|
||Status||feedback => resolved|
||Resolution||open => fixed|
||Fixed in Version||=> 2.0.5|