See https://caddyserver.com/docs/caddyfile/options#name. servers only applies to servers that actually appear in the config, so it will not apply to the HTTP server used for redirects unless you have it explicitly appear in the config.
Yeah, as said, it's purely just a demo environment to write the parsers. That's fine, I will just divert anyone that has potential issues to the documentation (I don't use Caddy, as you can tell, so I'm learning also).
Hey all thanks for all your hard work!
We have a log processor that detects malicious behaviors within logs (https://www.crowdsec.net/). We are upgrading the parser to support client_ip, as that will be set if the user has a trusted proxy. However, we are hitting a slight issue: when the user is upgraded from http -> https they get a response 308 permanent upgrade, however, the log does not replace the client_ip correctly.
Here is a log extract to show the trusted proxies and the subsequent logs:
Shouldn't the client_ip always be set correctly even if the request was just a redirect? It means that our log processor could hit an issue if a user just ignores the redirects and keeps spamming URLs.
Here is the example Caddyfile I was using with NGINX as the upstream proxy just for testing:
Nginx config:
Then we can just curl http://localhost, we will get a 308 redirect, but the log won't set the IP correctly as it did come from the upstream proxy.
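One way a log parser can cope with entries written by a server that the `servers` options did not cover, such as the automatic redirect server described in the reply above (an added example, not CrowdSec's or Caddy's own code). It assumes that in those entries client_ip still holds the proxy's address and that request headers are logged; the proxy range, the function names and the log lines are constructed.

```python
import ipaddress
import json

# Assumption: the operator's trusted_proxies range (constructed for the example).
TRUSTED_PROXIES = [ipaddress.ip_network("172.18.0.0/16")]

# Constructed sample lines, trimmed to the fields the check reads.
SAMPLE_LOG = [
    # Written by the HTTPS server: trusted_proxies applied, client_ip resolved.
    '{"request":{"remote_ip":"172.18.0.3","client_ip":"203.0.113.7","uri":"/","headers":{"X-Forwarded-For":["203.0.113.7"]}},"status":200}',
    # Written by the redirect server: client_ip is still the proxy.
    '{"request":{"remote_ip":"172.18.0.3","client_ip":"172.18.0.3","uri":"/","headers":{"X-Forwarded-For":["10.9.9.9, 203.0.113.7"]}},"status":308}',
    # Redirect server again, no forwarded header logged.
    '{"request":{"remote_ip":"172.18.0.3","client_ip":"172.18.0.3","uri":"/","headers":{}},"status":308}',
]

def is_trusted(ip):
    """True when ip falls inside one of the configured proxy ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_PROXIES)

def source_ip(line):
    """Return (ip, origin) for one Caddy JSON access-log line."""
    req = json.loads(line)["request"]
    remote = req["remote_ip"]
    client = req.get("client_ip", remote)  # field may be absent in older logs
    if not is_trusted(client):
        return client, "client_ip"
    # client_ip is a proxy address, so the server that wrote this entry did
    # not resolve the forwarded header. Only read the header ourselves when
    # the direct peer is a proxy we trust.
    if is_trusted(remote):
        xff = req.get("headers", {}).get("X-Forwarded-For", [])
        hops = [h.strip() for value in xff for h in value.split(",") if h.strip()]
        # Walk right to left: the rightmost entry was appended by our proxy;
        # anything further left was supplied by the client.
        for hop in reversed(hops):
            try:
                if not is_trusted(hop):
                    return hop, "x-forwarded-for"
            except ValueError:
                break  # malformed entry: trust nothing to its left
    # Mark the entry so detections do not attribute the traffic to the proxy.
    return client, "unresolved-proxy"

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(source_ip(line))
```

Entries tagged `unresolved-proxy` are the ones to exclude from per-IP counting until the HTTP server appears explicitly in the Caddy config.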