Table "rcguard" includes only one entry when mailserver running behind reverse proxy

dsoares / roundcube-rcguard

Roundcube plugin to enforce reCAPTCHA for users who have too many failed logins.

24 stars 11 forks source link

Table "rcguard" includes only one entry when mailserver running behind reverse proxy #17

Closed dsoares closed 6 years ago

dsoares commented 6 years ago

From @74cmonty on October 16, 2016 8:17

Hello!

I have checked the content of table roundcube/rcguard and it shows only one entry:

MariaDB [roundcube]> select * from rcguard;
+----------+---------------------+---------------------+------+
| ip       | first               | last                | hits |
+----------+---------------------+---------------------+------+
| 10.0.0.2 | 2016-10-16 09:59:07 | 2016-10-16 09:59:49 |    5 |
+----------+---------------------+---------------------+------+
1 row in set (0.01 sec)

This IP belongs to a reverse proxy that is required in my network.

Is there any option to record the "real" IP address of the user who wants to login? With your plugin "lastlogin" you can identify the real IP.

THX

Copied from original issue: dsoares/rcguard-old#17

dsoares commented 6 years ago

Thank you for filling this issue. I'll do some testing and give you feeback later.

dsoares commented 6 years ago

From @degetz on October 21, 2016 0:17

Hi 74monty,

Have you tried to include the configuration option 'proxy_whitelist' in your Roundcube config.inc.php?

$config['proxy_whitelist'] = array('10.0.0.2');

Cheers

dsoares commented 6 years ago

Thank you @degetz. @74cmonty, please try it. I'll wait for some feeback before closing this issue.

dsoares commented 6 years ago

From @74cmonty on October 21, 2016 17:36

Hi, sorry for replying late. I have added the configuration option to config.inc.php, however I cannot validate if this is solving the issue because now I cannot use rcguard at all. But this is another issue I will report in a separate ticket. Until the other ticket is solved I would ask you to keep this ticket open.

THX

dsoares commented 6 years ago

From @74cmonty on October 25, 2016 11:42

I have modified /var/www/mail/roundcube/config/config.inc.php by adding these lines

// proxy whitelist
$config['proxy_whitelist'] = array('10.0.0.2');

Now there are no entries in table roundcube.rcguard at all after trying to login to Roundcube:

MariaDB [mysql]> select * from roundcube.rcguard;
Empty set (0.00 sec)

dsoares commented 6 years ago

From @degetz on October 27, 2016 6:40

You kinda need to configure the reverse proxy to send the client IP in an HTTP header, x-forwarded-for or x-real-ip are your friends depending on the web-server you use. Anything else might mean you have an error somewhere in the process.

dsoares commented 6 years ago

Did you manage to configure the reverse proxy the right way?

dsoares commented 6 years ago

I'm closing this issue. Reopen it if the problem persists.