dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0
38.55k stars 1.87k forks

X-Forwarded-For not obeyed for new login emails #1677

Closed feld closed 3 years ago

feld commented 3 years ago

Hello,

The emails I receive when a new login/session event happens are showing the IP address of my reverse proxy, not the actual client IP. I have captured the request with tcpdump and verified the X-Forwarded-For header is there as expected.

POST /api/accounts/prelogin HTTP/1.1
scheme: https
host: REDACTED
content-type: application/json; charset=utf-8
pragma: no-cache
accept: application/json
device-type: 17
accept-language: en-us
cache-control: no-cache
origin: https://REDACTED
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Safari/605.1.15
referer: https://REDACTED/
content-length: 24
X-Forwarded-For: 107.208.xxx.xxx  (REDACTED)
X-Forwarded-Proto: https
Accept-Encoding: gzip
X-Varnish: 331022419

Header shows the correct client IP, but email shows the reverse proxy's IP

BlackDex commented 3 years ago

Please post the Support String which you can generate via the /admin/diagnostics page as requested in the issue template.

feld commented 3 years ago

Apologies, I think I started opening an issue a couple days ago and cleared out the template so I didn't see it when I decided to finish submitting this morning.

Your environment (Generated via diagnostics page)

Config (Generated via diagnostics page)

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**.****.**",
  "domain_origin": "*****://**.****.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Bitwarden_RS",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": true,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "***********@**.****.**",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "***.***.*.***",
  "smtp_password": null,
  "smtp_port": 25,
  "smtp_ssl": false,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

I don't know how old my .env config file is, but it doesn't actually have the ip_header setting in it. I can add it.

Is there a reason why the software cannot just accept both X-Forwarded-For and X-Real-IP?

BlackDex commented 3 years ago

Checking multiple headers is probably not a good option, since both could contain two different results. Also, we cannot just check whether the IP is a global IP or a private IP, because people could run it only locally, so there is no way for us to determine which header we should follow; that is why you can (and need to) configure it.

You can check the current .env values here: https://github.com/dani-garcia/vaultwarden/blob/b8010be26b4e2d489f55ba01622f9b6e1685b3b1/.env.template#L41
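To make the behaviour discussed in this thread concrete, here is an added example (not vaultwarden's own code) of the resolution logic the `ip_header` setting implies: exactly one configured header is consulted, the first address in it is taken (`X-Forwarded-For` is a comma-separated chain with the client first), and anything missing or unparsable falls back to the TCP peer address. The header names, the `203.0.113.7` client and the `10.0.0.5` proxy are constructed values for the demonstration. The `main` function walks through the report's situation (`ip_header` left at `X-Real-IP` while the proxy sends only `X-Forwarded-For`), the corrected setting, and the case BlackDex raises where two headers disagree.

```rust
use std::net::IpAddr;

/// Resolve the client address from a single configured header name.
/// `headers` is the request's (name, value) list; `peer` is the TCP source
/// address, which is the reverse proxy when one sits in front of the server.
/// Only `ip_header` is consulted: a request that carries a different header
/// resolves to `peer`, which is exactly the symptom described in the issue.
pub fn client_ip(headers: &[(&str, &str)], ip_header: &str, peer: IpAddr) -> IpAddr {
    headers
        .iter()
        // Header names are case-insensitive, so match accordingly.
        .find(|(name, _)| name.eq_ignore_ascii_case(ip_header))
        // X-Forwarded-For may be "client, proxy1, proxy2": take the first hop.
        .and_then(|(_, value)| value.split(',').next())
        // Unparsable values are ignored rather than trusted.
        .and_then(|first| first.trim().parse::<IpAddr>().ok())
        .unwrap_or(peer)
}

/// True when two candidate headers would yield different client addresses,
/// which is the reason given in the thread for consulting only one.
pub fn headers_disagree(headers: &[(&str, &str)], a: &str, b: &str, peer: IpAddr) -> bool {
    client_ip(headers, a, peer) != client_ip(headers, b, peer)
}

fn main() {
    // Constructed addresses: the reverse proxy and the real client.
    let proxy: IpAddr = "10.0.0.5".parse().unwrap();

    // Constructed request as in the report: the proxy sets only X-Forwarded-For.
    let req = [("X-Forwarded-For", "203.0.113.7"), ("X-Forwarded-Proto", "https")];
    println!("ip_header=X-Real-IP       -> {}", client_ip(&req, "X-Real-IP", proxy));
    println!("ip_header=X-Forwarded-For -> {}", client_ip(&req, "X-Forwarded-For", proxy));

    // A forwarded chain: the first entry is the client, the rest are proxies.
    let chain = [("x-forwarded-for", "203.0.113.7, 198.51.100.2")];
    println!("chain                     -> {}", client_ip(&chain, "X-Forwarded-For", proxy));

    // Both headers present with different values: no safe way to pick one automatically.
    let both = [("X-Real-IP", "198.51.100.2"), ("X-Forwarded-For", "203.0.113.7")];
    println!("headers disagree          -> {}", headers_disagree(&both, "X-Real-IP", "X-Forwarded-For", proxy));
}
```

Run as a plain `cargo run` binary. The first line of output is the proxy address, matching what the reporter saw; switching `ip_header` to the header the proxy actually sends yields the client address. The value is only as trustworthy as the proxy that sets it, so the configured header should be one the proxy overwrites on every request rather than passes through from the client.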