Unable to set access control lists based on IP/network

[crosesvg]

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug Access lists do not work as all connections are seen to originate from the containers gateway address

Nginx Proxy Manager Version v2.10.3

To Reproduce Steps to reproduce the behavior: Configure an Access list to: allow traffic from local networks (e.g. 192.168.0.0/16) Deny traffic from all Assign the access list to a proxy host Attempt to access the proxy host

Expected behavior Traffic originating from 192.168.0.0/16 networks are granted access Traffic originating from other internal/external networks are denied

Actual behavior Traffic from 192.168.0.0/16 networks are denied access if the access list is updated to include 172.16.0.0/16 (e.g. the subnet/ip address of the docker container/gateway) then connections are allowed from all networks (as all requests are seen to originate from the subnet that the container/gateway resides in)

Operating System Docker desktop/WSL on Windows

[jmaximusix]

can confirm This reddit user has also come to the same conclusion: https://www.reddit.com/r/nginxproxymanager/comments/110634p/comment/j8lc9cj/?utm_source=share&utm_medium=web2x&context=3

[grainsoflight]

Having the same issue. adding

location = / { allow 192.168.0.0/24; deny all; }

manually to the advanced settings resolves the issue, so it seems like the access lists arent properly inserting it

[dezza]

Try to check(box) "Satisfy any" [x]

I had issues with HTTP Basic Auth as well, but this made sure it satisfied on IP-restrictions only.

[grainsoflight]

I had tried this and it did not work

On Sat, Oct 21, 2023, 11:53 PM dezza @.***> wrote:

Try to check(box) "Satisfy any" [x]

I had issues with HTTP Basic Auth as well, but this made sure it satisfied on IP-restrictions only.

— Reply to this email directly, view it on GitHub https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3002#issuecomment-1773985765, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHANMY2IR2VIQUEZA6LRINTYASKB5AVCNFSM6AAAAAAZJEBKEKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTONZTHE4DKNZWGU . You are receiving this because you commented.Message ID: @.***>

[dezza]

I had tried this and it did not work

Ok! Well maybe try with a new entry so you're sure a new file is being created.

I couldn't get the basic auth working, not sure why, it showed my user and an excerpt (3 letters or so) of the password for login, but this login never worked in basic auth, so not sure what was wrong..

[dezza]

Btw the issue with not seeing the correct source IP is easily resolved by running the container with --network=slirp4netns:port_handler=slirp4netns

[github-actions[bot]]

Issue is now considered stale. If you want to keep it open, please comment :+1: