dutchcoders / transfer.sh

Easy and fast file sharing from the command-line.
https://github.com/dutchcoders/transfer.sh
MIT License

http-auth-ip-whitelist over Sophos UTM proxy #623

Closed michaelscl closed 1 month ago

michaelscl commented 1 month ago

Hi,

In our company we have Sophos UTM as a reverse proxy. I use transfer.sh under the name transfersh.xxxxx.cz over the reverse proxy.

I have also disabled authentication for IP 10.10.100.1: --http-auth-ip-whitelist 10.10.100.1

If I access transfer.sh via the name and this proxy, authentication pops up on me:

[transfer.sh]2024/07/16 09:18:51 10.10.100.1:0 - - [2024-07-16T09:18:51+02:00] "PUT /ALUNET%20CED.png HTTP/1.0" 200 "https://transfersh.xxxxx.cz/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0"

If I go to the server directly, outside of the reverse proxy, authentication is skipped:

[transfer.sh]2024/07/16 09:18:54 10.10.100.1:52655 - - [2024-07-16T09:18:54+02:00] "PUT /ALUNET%20CED.png HTTP/1.1" 200  "http://10.8.1.142:8880/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0"

The only difference I see is that if I go through a proxy, transfer.sh identifies me as 10.10.100.1:0 and the auth whitelist doesn't work, but if I go directly, the IP address already shows the port 10.10.100.1:52655 and the auth whitelist works.

Could the problem be that the source port Sophos is sending is 0? Is this source port also checked for port > 0?

I use docker version tag v1.6.1

best regards

Michal

aspacca commented 1 month ago

@michaelscl it is because of the package we use to get the real ip address the request is coming from: https://github.com/tomasen/realip/blob/master/realip.go#L53-L84

It returns X-Forwarded-For, filtering out private addresses (like "10.10.100.1", indeed), or if no public address is found, it returns X-Real-Ip, regardless of whether the address is private or not. If none are set it returns http.Request.RemoteAddr.

We'll have to find a new package (realip has had no update in 8 years) that does not filter out private addresses.

Not sure how configurable Sophos UTM is, but if you are able to set X-Real-Ip when requests come from "10.10.100.1" you should have a workaround.
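
The lookup order described in the comment above, next to a proxy-aware alternative, as an added Go example that is not part of the original thread and is not transfer.sh or realip code. `describedOrder` is a simplified model of that description; `proxyAwareIP`, `sampleRequest`, the proxy address 10.8.1.1 and the hostname are assumptions, as is a proxy that appends the client address to X-Forwarded-For.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// describedOrder models the order in the comment above (simplified, not realip's code).
func describedOrder(r *http.Request) string {
	for _, p := range strings.Split(r.Header.Get("X-Forwarded-For"), ",") {
		if ip := net.ParseIP(strings.TrimSpace(p)); ip != nil && !ip.IsPrivate() && !ip.IsLoopback() {
			return ip.String()
		}
	}
	if v := r.Header.Get("X-Real-Ip"); v != "" {
		return v
	}
	return r.RemoteAddr
}

// proxyAwareIP (hypothetical) trusts X-Forwarded-For only from the configured proxy.
func proxyAwareIP(r *http.Request, proxy string) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	if host != proxy {
		return host // direct or untrusted peer: forwarding headers are ignored
	}
	parts := strings.Split(r.Header.Get("X-Forwarded-For"), ",")
	if ip := net.ParseIP(strings.TrimSpace(parts[len(parts)-1])); ip != nil {
		return ip.String() // last entry is the one the trusted proxy appended
	}
	return host
}

// sampleRequest builds a constructed request; every address here is a sample value.
func sampleRequest(remote, xff string) *http.Request {
	r, _ := http.NewRequest("PUT", "http://transfer.example/f.png", nil)
	r.RemoteAddr = remote
	r.Header.Set("X-Forwarded-For", xff)
	return r
}

func main() {
	r := sampleRequest("10.8.1.1:41000", "10.10.100.1") // client behind proxy 10.8.1.1
	fmt.Println(describedOrder(r), proxyAwareIP(r, "10.8.1.1"))
}
```

With the private client address filtered out, the first function falls back to the proxy's own socket address, so an allowlist entry for 10.10.100.1 never matches; the second returns 10.10.100.1 only when the request really arrived from the proxy.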

michaelscl commented 1 month ago

OK, Sophos has no such capabilities. So I will wait for new versions. m.