You are aware that the talk is about a piece of information (IP) the basic
service (indeed apache) has naturally.
Your explanation alone shows how broken by design the thing is. You need a
logfile, a database, a script and a layer 7 firewall for obtaining an IP?
And then you call it easy. Gimme a break...
On Fri, 26 Apr 2024 10:51:01 -0700
Sean Hulbert <shulb...@securitycentric.net.INVALID> wrote:
> This is easy,
>
> 1. Use a SIEM on the NGINX or Apache log files set your trigger to look
> for the api token.
>
> 2. Parse the log file directly using bash awk sed if fi else then pull
> the IP address
>
> 3. Create a new table in the Guacamole database then add a variable to
> the connection info page, take option 2 and inject the IP to the new
> table to be displayed.
>
> 4. Put a Layer 7 firewall in front of the Guacamole system and capture
> all data streams to and from (assuming this is external use).
>
>
>
> *Thank You*
> Sean Hulbert
> *Founder / CEO*
>
>
> *Security Centric Inc.*
> A Cybersecurity Virtualization Enablement Company
> /StormCloud Gov, Protected CUI Environment!/
>
>
> Industry's most secure virtual desktops!
>
>
> */FedRAMP MIL4 in process (RAR)/*
> System Award Management
> *CAGE: 8AUV4*
> *SAM ID: UMJLJ8A7BMT3*
>
> AFCEA San Francisco Chapter President
> If you have heard of a hacker by name, he/she has failed, fear the
> hacker you haven’t heard of!
>
> CONFIDENTIALITY NOTICE: This communication with its contents may contain
> confidential and/or legally privileged information. It is solely for the
> use of the intended recipient(s). Unauthorized interception, review, use
> or disclosure is prohibited and may violate applicable laws including
> the Electronic Communications Privacy Act. If you are not the intended
> recipient, please contact the sender and destroy all copies of the
> communication. Content within this email communication is not legally
> binding as a contract and no promises are guaranteed unless in a formal
> contract outside this email communication.
>
> igitur qui desiderat pacem, praeparet bellum!!!
>
> Epitoma Rei Militaris
>
> On 4/26/2024 6:10 AM, Nick Couchman wrote:
> > On Fri, Apr 26, 2024 at 6:47 AM Molina de la Iglesia, Manuel
> > <manuel.molina-de-la-igle...@veolia.com.invalid> wrote:
> >
> > Hello,
> >
> > After following the provided documentation, I cannot find a
> > solution to get the real client IP.
> >
> > I have my application (PHP) on the same Guacamole Server, this
> > application gets the user token:
> >
> > image.png
> >
> > The Tomcat log (after use the following pattern on the server.xml
> > valve) I use: %{x-forwarded-for}i %l %u %t "%r" %s %b
> >
> > The log is OK (display the user IP)
> >
> > image.png
> >
> >
> > This does not look like the Tomcat log, this looks like a log for
> > httpd or Nginx, which means *that* is getting your client IP address.
> > Do you have your Proxy configured to pass the X-Forwarded-For header
> > through to Tomcat?
> >
> > -Nick
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org
