This isn’t really a big issue, just wanting to know if there is something I missed.
I’ve set up this reverse proxy (https://nginxproxymanager.com/) to secure my site, and things are working. But today I noticed while using system.perspective.getSessionInfo(), every clientAddress is the IP address of the proxy manager.
I’ve set up something similar before with other stuff, and I was able to set the application to “trust” the reverse proxy manager so that the application uses the client IP address reported by the proxy.
Is this possible? thanks!
This is expected behavior right now.
We have an existing ticket to honor
X-Forwarded or similar headers if they are set by the load balancer / proxy that will get done at the same time as reverse DNS lookups for IPs with Security Zones. Not sure how soon these are happening though.
ok cool, not something I need right this moment, but would be good for auto blocking ips or something.
thanks for the saturday reply
We neeeed this reverse DNS lookup. Currently I’m relying on the session Id to identify specific clients to give control access, as their ips are dynamically assigned. The session Id changes though as well (I havent worked out when yet )