Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RestAccessLogFilter to use X-Forwarded-For set by trusted proxies #1981

Merged
merged 4 commits into from May 24, 2016
Merged

RestAccessLogFilter to use X-Forwarded-For set by trusted proxies #1981

merged 4 commits into from May 24, 2016

Conversation

@mikkolehtisalo
Copy link
Contributor

@mikkolehtisalo mikkolehtisalo commented Mar 28, 2016

Solves #1816 for the REST API audit logging.

  • Introduces new configuration value trusted_proxies (comma separated list of IPs, and subnets)
  • Adds RestTools method for RestAccessLogFilter, returning X-Forwarded-For value for logging, if the header was set by trusted proxy
  • As result the REST access log produces client addresses instead of load balancer's address

The same configuration value could be used also for the HTTP based input transports for similar logic, fixing faulty gl2_remote_ip, and similar. Also using the same configuration value for REMOTE_USER implementation could be possible.

@bernd bernd added the feature label Mar 29, 2016
@bernd bernd added this to the 2.1.0 milestone Mar 29, 2016
@runningman84
Copy link

@runningman84 runningman84 commented Apr 13, 2016

It would be really great if you would show the last used IP address in the user list.

@mikkolehtisalo
Copy link
Contributor Author

@mikkolehtisalo mikkolehtisalo commented Apr 13, 2016

@runningman84 Not a bad idea, but you can get that information by sending the rest access logs to this nice log management product called Graylog ;)

@runningman84
Copy link

@runningman84 runningman84 commented Apr 14, 2016

@mikkolehtisalo Graylog does not help here because we need this information in order to identify which user overloads the elasticsearch / graylog cluster. At this time the normal search is most likely not working anymore...

@mikkolehtisalo
Copy link
Contributor Author

@mikkolehtisalo mikkolehtisalo commented Apr 14, 2016

Interesting use case. I am unsure where the state information should be stored...

@joschi joschi self-assigned this May 24, 2016
@joschi joschi merged commit e57d313 into Graylog2:master May 24, 2016
3 checks passed
3 checks passed
@garybot2
ci-server-integration Jenkins build graylog2-server-integration-pr 862 has succeeded
Details
@garybot2
ci-web-linter Jenkins build graylog-pr-linter-check 350 has succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@joschi
Copy link
Contributor

@joschi joschi commented May 24, 2016

@mikkolehtisalo Thanks a lot!

joschi pushed a commit that referenced this pull request May 24, 2016
@mikkolehtisalo mikkolehtisalo deleted the mikkolehtisalo:issue-1816 branch May 24, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants