[MAGNOLIA-6960] Incorrect remote client IP address captured in audit log
Created: 21/Feb/17  Updated: 12/Nov/19

Status: Open
Project: Magnolia
Component/s: core
Affects Version/s: 5.4.7, 5.5
Fix Version/s: None

Type: Bug
Priority: Neutral
Reporter: Enovax
Assignee: Unassigned
Resolution: Unresolved
Votes: 1
Labels: audit
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows Server 2012 R2, Oracle Linux 7



 Description   

Incorrect remote client IP address captured in audit log when Magnolia CMS is hosted behind a proxy server, reverse proxy, security gateway or firewall.

Magnolia CMS should not rely on request.getRemoteAddr() to get the client's remote address. The X-Forwarded-For header should be taken into consideration, or configuration should be provided to customise the audit log to include extra information from the client request.



 Comments   
Comment by Jan Schulte [ 12/Nov/19 ]

 


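 import javax.servlet.http.HttpServletRequest;

 // Wrapper class added so the method compiles; the class name is illustrative.
 public final class ClientIpUtil {

     // Returns the first non-empty candidate header value, falling back to the
     // socket peer address. Header values are set by the client or an intermediary
     // and X-Forwarded-For may hold a comma-separated list; it is returned as-is.
     public static String getClientIpAddr(HttpServletRequest request) {
         String ip = request.getHeader("X-Forwarded-For");

         if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
             ip = request.getHeader("Proxy-Client-IP");
         }

         if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
             ip = request.getHeader("WL-Proxy-Client-IP");
         }

         if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
             ip = request.getHeader("HTTP_CLIENT_IP");
         }

         if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
             ip = request.getHeader("HTTP_X_FORWARDED_FOR");
         }

         // No usable header: use the address of the direct TCP peer.
         if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
             ip = request.getRemoteAddr();
         }

         return ip;
     }
 }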
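
An added example, not code from this issue or from Magnolia: one way to derive the audit-log address that honours X-Forwarded-For only when the direct peer is a known proxy, since any client can set that header itself. The class name, the `resolve` method, the exact-match trusted-proxy set and all addresses are assumptions constructed for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Added example: names and addresses here are hypothetical, not Magnolia API.
public class AuditClientIp {

    // Characters that can occur in an IPv4/IPv6 literal; anything else is rejected
    // so a forged header cannot inject text into the audit log line.
    private static final Pattern IP_CHARS = Pattern.compile("[0-9A-Fa-f:.]{2,45}");

    // remoteAddr: request.getRemoteAddr(), the direct TCP peer.
    // trustedProxies: the operator's own proxy addresses (exact match is an assumption).
    static String resolve(String remoteAddr, String xForwardedFor, Set<String> trustedProxies) {
        String client = remoteAddr;
        if (xForwardedFor == null || !trustedProxies.contains(remoteAddr)) {
            return client; // a header sent by an untrusted peer is ignored
        }
        String[] hops = xForwardedFor.split(",");
        // Each proxy appends the peer it saw, so walk from the right (nearest hop).
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!IP_CHARS.matcher(hop).matches()) {
                break; // malformed entry: keep the last address we could vouch for
            }
            client = hop;
            if (!trustedProxies.contains(hop)) {
                break; // first hop outside our own infrastructure is the client
            }
        }
        return client;
    }

    public static void main(String[] args) {
        Set<String> proxies = Set.of("10.0.0.5", "10.0.0.6"); // constructed sample values
        // Constructed cases: {remoteAddr, X-Forwarded-For header}
        List<String[]> cases = List.of(
            new String[] {"10.0.0.5", "203.0.113.7"},                         // single proxy
            new String[] {"10.0.0.5", "198.51.100.9, 203.0.113.7, 10.0.0.6"}, // forged left entry
            new String[] {"192.0.2.44", "127.0.0.1"},                         // direct peer, header ignored
            new String[] {"10.0.0.5", "203.0.113.7\n[admin] login ok"});      // non-IP content rejected
        for (String[] c : cases) {
            System.out.println(resolve(c[0], c[1], proxies));
        }
    }
}
```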

 
