search

bhanuc / shellinabox

Automatically exported from code.google.com/p/shellinabox
Other
0 stars 0 forks source link

Real IP recognition over proxy #54

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
I use shellinabox (and find it really great) through nginx, and noticed that in 
logs the remote host 
appears as 127.0.0.1, because the connection is proxied (the values are the 
real ones when i access 
it directly)

It woud be nice to have "X-Forwarded-For" or "X-Real-IP" headers read by 
shellinabox, so the 
remote host address would get the actual values.

Also, when using SSH service for authentication the remote address is also 
localhost, but I suppose 
that's an unsolvable issue. I hope I'm wrong, though.

Original issue reported on code.google.com by marpi...@gmail.com on 27 Feb 2010 at 11:05

GoogleCodeExporter commented 9 years ago 
I second that motion, currently you can't apply the same security rules to 
shellinabox 
that applies to the SSH daemon.

Original comment by ahve...@gmail.com on 25 Mar 2010 at 10:20

GoogleCodeExporter commented 9 years ago 
This is big problem for me. I would like to see real addresses for SSH sessions.

Original comment by stanisla...@gmail.com on 8 Dec 2011 at 11:59

GoogleCodeExporter commented 9 years ago 
Sounds like a reasonable request.  Patches welcome.

Original comment by beewoo...@gmail.com on 31 Mar 2012 at 7:52

GoogleCodeExporter commented 9 years ago 
This one has been sitting for quite sometime now...  Has anybody submitted a 
patch, or has been it added to a current version of Shell-in-a-box?

Original comment by kveron...@gmail.com on 2 Feb 2014 at 2:44

GoogleCodeExporter commented 9 years ago 
Any hints on where it reads the IP address in the code, been searching all 
morning for the header data and can't seem to find a spot that reads 
remote-addr at all.

Original comment by ELyn...@gmail.com on 19 Oct 2014 at 2:51