Hello! I changed my server.xml file according to the recommendations (internalProxies="127\.0\.0\.1"). External addresses actually began to be displayed correctly, but when connecting from the local network, the local network gateway address is displayed. Any ideas on how to fix this? (I use the Docker version.)

26.10.2023 16:01, Prakhar Jalan wrote:
Thanks Lorenzo!

------------------------------------------------------------------------
*From:* MAURIZI Lorenzo <l.maur...@comune.jesi.an.it>
*Sent:* Thursday, October 26, 2023 15:52
*To:* user@guacamole.apache.org <user@guacamole.apache.org>
*Subject:* R: Bad user remote IP

Hello,

you should start from official Guacamole documentation about setting the Remote IP Valve:

https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve

taking into account that the internalProxies property must be set as a regular expression, as indicated in the Tomcat documentation here:

https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/RemoteIpValve.html

I think that the guacamole documentation should be changed to take this information into account, as the shown example seems to be incorrect:

<Valve className="org.apache.catalina.valves.RemoteIpValve"
       internalProxies="127.0.0.1"
       remoteIpHeader="x-forwarded-for"
       remoteIpProxiesHeader="x-forwarded-by"
       protocolHeader="x-forwarded-proto" />

because in a regular expression, the dot is “any character except newline”, while in this case the correct syntax would be

internalProxies="127\.0\.0\.1"

to match the literal dot and the exact 127.0.0.1 IP address.

Best regards.

Lorenzo

*From:* Prakhar Jalan <prakhar@terralink.cloud>
*Sent:* Thursday, October 26, 2023 11:56
*To:* user@guacamole.apache.org
*Subject:* Re: Bad user remote IP

Hello,

I am facing the same issue. Could you please provide the exact steps to log the ACTUAL IP of the user?

Thanks a ton!

Prakhar

------------------------------------------------------------------------

*From:* Maciej Konigsman <maciej.konigsman@eatit.cloud>
*Sent:* Wednesday, October 25, 2023 18:21
*To:* user@guacamole.apache.org <user@guacamole.apache.org>
*Subject:* Re: Bad user remote IP

Thanks for your help.

It works with the following

 internalProxies="127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+"

127... - for nginx running on the same server as Guacamole

10... - AWS private network

On Wed, 25 Oct 2023 at 13:25, Henri Alves de Godoy <henri.go...@fca.unicamp.br> wrote:

    Hi all,

    the remote ip registration only worked when I put the options
    below in server.xml

    -------

    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           internalProxies="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"
           remoteIpHeader="x-forwarded-for"
           remoteIpProxiesHeader="x-forwarded-by"
           protocolHeader="x-forwarded-proto" />

    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
           prefix="localhost_access_log." suffix=".txt"
           pattern="combined" requestAttributesEnabled="true" />

    ----------

    Regards,

    Henri.

    On Wed, Oct 25, 2023 at 08:16, Nick Couchman
    <vn...@apache.org> wrote:

        On Wed, Oct 25, 2023 at 6:19 AM Maciej Konigsman
        <maciej.konigsman@eatit.cloud> wrote:

            Valve config

            <Valve className="org.apache.catalina.valves.RemoteIpValve"
                   internalProxies="127.0.0.1"
                   remoteIpHeader="x-forwarded-for"
                   remoteIpProxiesHeader="x-forwarded-by"
                   protocolHeader="x-forwarded-proto" />

            What private subnet applies to your ELB?

            ELB is in the same subnet as the EC2 instance where
            Guacamole is installed.

        Presumably the ELB is not running on the localhost
        (127.0.0.1), so I suspect that you need the actual IP
        address(es) and/or subnets of the ELB placed into the
        "internalProxies" property in this valve.

        -Nick
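
Added example, not part of any message in this thread and not Tomcat's code: a simplified Python model of how RemoteIpValve applies internalProxies, showing why a loopback-only pattern logs the proxy's own address when the proxy connects from a 10.x network. The addresses 203.0.113.7 and 10.0.1.15 are constructed, trustedProxies is left out, and Python's re.fullmatch stands in for Java's Matcher.matches().

```python
import re


def is_internal(internal_proxies: str, addr: str) -> bool:
    # Tomcat uses Matcher.matches(), which must match the whole string;
    # re.fullmatch is the Python equivalent.
    return re.fullmatch(internal_proxies, addr) is not None


def resolve_remote_ip(internal_proxies: str, peer_addr: str, xff: str) -> str:
    """Simplified model of the valve's address selection (no trustedProxies)."""
    # The header is only honoured when the TCP peer itself matches the pattern.
    if not is_internal(internal_proxies, peer_addr):
        return peer_addr
    remote_ip = None
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk right to left: skip internal proxies, stop at the first other address.
    for hop in reversed(hops):
        remote_ip = hop
        if not is_internal(internal_proxies, hop):
            break
    return remote_ip or peer_addr


# Patterns quoted in the thread.
UNESCAPED = r"127.0.0.1"
LOOPBACK_ONLY = r"127\.0\.0\.1"
LOOPBACK_AND_10 = r"127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+"

# Constructed sample values (assumptions, not taken from the thread).
CLIENT = "203.0.113.7"   # real user, as written into X-Forwarded-For by the proxy
PROXY = "10.0.1.15"      # load balancer / reverse proxy on a private subnet

if __name__ == "__main__":
    for name, pattern in [("loopback only", LOOPBACK_ONLY),
                          ("loopback + 10.x", LOOPBACK_AND_10)]:
        print(f"{name:16} -> logged address:",
              resolve_remote_ip(pattern, PROXY, CLIENT))
    # A header value supplied by the client is ignored because the walk
    # stops at the rightmost address that is not an internal proxy.
    print("spoofed left hop ->",
          resolve_remote_ip(LOOPBACK_AND_10, PROXY, f"10.9.9.9, {CLIENT}"))
    print("unescaped dot accepts '127x0x0x1':",
          is_internal(UNESCAPED, "127x0x0x1"))
```

Every address the pattern accepts is a peer whose X-Forwarded-For value ends up in the logs as the user's address, so the pattern is best kept to the proxies actually in use.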

