Hi,
I have put Genieacs behing Apache proxy and everything works, except the CWMP logs show localhost as the request source.
How to use the FORWARDED_HEADER to force logging the real IP of the CPE?
I have set:
export GENIEACS_FORWARDED_HEADER=X-Forwarded-For
but still having 127.0.0.1 as the request source in the logs.
I’m using Genieacs 1.2.1.
Thanks
The value of the environment variable GENIEACS_FORWARDED_HEADER should be an IP or list of IPs or CIDRs from which to rocognize the Forwarded HTTP header. That is, it should be the IP of your proxy server(s). Example:
192.168.0.1/24, 10.0.0.1
Note that it doesn’t support X-Forwarded-For. Only the new standard Forwarded header is supported. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
I eventually found it requires new Forwarded header. Will have to switch to Nginx as Apache apparently does not support this.
I wanted to log the correct client IP as well. As of Apache 2.4.37 (RHEL/CentOS 8) the header is not natively supported. I did get it working by manually creating the needed Forwarded: header
Apache and GenieACS are running on the same host. GenieACS bound to 127.0.0.1 so will only ever see queries from 127.0.0.1
GENIEACS_FORWARDED_HEADER=127.0.0.1
I added the following to my apache config in my acs virtualhost
ProxyAddHeaders Off RequestHeader set Forwarded expr=for=%{REMOTE_ADDR}
I can confirm this works with Apache 2.46 on FreeBSD 11.4.
Thank you!