Hi,

We currently run our web services behind a load balancer. A result of this is that the environmental variable that normally contains the remote IP of our visitors ($_SERVER) actually contains just the IP or our load balancer. The real IP info is passed in $_SERVER. Unfortunately, RSFirewall only sees REMOTE_ADDR so when we get probed, we don't see the culprit IP. Is there a way to configure RSFirewall to work behind a load balancer and use the HTTP_X_FORWARDED_FOR?

Thanks!

Erik

Hello,

In order to adjust this, the source code of RSFirewall! will have to be edited. Note that we do not recommend our users to edit the source code of the component as the changes are lost upon updating.

I would certainly hope we don't have to edit source code! This must be a common situation, especially for high profile sites that require robust server facilities with fail over redundancy. A google search on x_forwarded_for reveals quite a number of others struggling with this issue. Is there any chance RSFirewall will include support for this in future versions?

Thanks.

Erik

Hello,

In RSFirewall! R36 we've added some fixes regarding this - can you please update your installation and let me know if everything works correctly now ?

Regards!

Thanks! I have not yet seen any reports of backend login attempts since I upgraded. I'll report on the results when I do.

Erik

Hi,

We just tested backend login attempts from remote host using a real username and bad password as well as a bad username and password. It's great to see we're now getting IP info!! However, it still doesn't show the username used or User Id. Can we fix that too? See:


Description: There was an unsuccessful attempt to login into the backend section of your website using an unknown username.

Alert level: Medium

Date of event: 22.03.2012 16:49:40

User IP: 208.113.150.163

User Id: 0

Username: