Forwarding actual client IP in signed IFRAME request in web application behind a firewall, corporate network, etc.

[rdev5]

Hi,

I notice that when the IFRAME is constructed, Duo performs a HTTP 302 redirect once it derives the REMOTE_ADDR of the user.

However, this may not be sufficient for corporate networks (behind firewall, etc.), for example, where all the addresses listed under Access Device show the external IP address.

Assuming the web application doing the integration (i.e. CAS) is on the same network as clients connecting and has access to REMOTE_ADDR, HTTP_X_FORWARDED_FOR, etc., is there any way to construct the IFRAME such that the LAN address derived by the web application may be passed to Duo for recording as the address of the Access Device instead of the external IP?

Thanks!

[xdesai]

Hi Matt, In order to get this feature request tracked most effectively it'd be great if you could reach out to our support team. They'll be able to make sure this request is tracked in our system and can be prioritized. https://duo.com/support Email: support@duosecurity.com Phone: https://duo.com/support#support-phone-numbers

Thanks for using Duo!

[AaronAtDuo]

Closing this old issue. Duo strongly recommends migrating to our new Duo Universal prompt.