Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logging middleware logs real/originating IP address #1995

Open
leonweecs opened this issue Sep 16, 2024 · 1 comment · May be fixed by #2002
Open

Logging middleware logs real/originating IP address #1995

leonweecs opened this issue Sep 16, 2024 · 1 comment · May be fixed by #2002
Labels
enhancement needs triage Waiting for discussion / prioritization by team

Comments

@leonweecs
Copy link
Contributor

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

step-ca's logging middleware logs the client's IP address under remote-address field for each incoming requests, the value is taken directly from Request.RemoteAddr of Go's net/http.

The problem arises when step-ca is sitting behind a reverse proxy, the IP address of the proxy is logged instead of the actual client.

Why is this needed?

In the case where reverse proxy is used, the remote-address field is more useful for analysis/debugging/reporting when it is the real client IP.
@leonweecs leonweecs added enhancement needs triage Waiting for discussion / prioritization by team labels Sep 16, 2024
@leonweecs
Copy link
Contributor Author

I am keen to give this a go, feel free to assign this issue to me 😁

leonweecs added a commit to leonweecs/certificates that referenced this issue Sep 17, 2024
@leonweecs
Add option for the logging middleware to log real IP
45d15e0 
This commit adds the option (enabled via environment variable) to the
logging middleware to log real/originating IP address of a client based
on specific headers.

Three headers are supported: True-Client-IP, X-Real-IP, X-Forwarded-For.

This is particularly useful when there is proxy server(s) sitting
between step-ca and client.

Implements smallstep#1995
@leonweecs leonweecs linked a pull request Sep 17, 2024 that will close this issue
Open
@hslatman hslatman linked a pull request Sep 17, 2024 that will close this issue
Add option for the logging middleware to log real IP #2002
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement needs triage Waiting for discussion / prioritization by team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add option for the logging middleware to log real IP leonweecs/certificates
1 participant
@leonweecs