[MAGNOLIA-6960] Incorrect remote client IP address captured in audit log Created: 21/Feb/17 Updated: 12/Nov/19 |
|
| Status: | Open |
| Project: | Magnolia |
| Component/s: | core |
| Affects Version/s: | 5.4.7, 5.5 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Enovax | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 1 |
| Labels: | audit | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Windows Server 2012 R2, Oracle Linux 7 |
||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
| Date of First Response: |
| Description |
|
Incorrect remote client IP address captured in audit log when Magnolia CMS hosted behind proxy server or reverse proxy or security gateway or firewall. Magnolia CMS should not rely on request.getRemoteAddr() to get client remote address. X-Forwarded-For header should be taken into consideration or configuration to be provided to customise the audit log to include extra information from client request. |
| Comments |
| Comment by Jan Schulte [ 12/Nov/19 ] |
|
|