Client ip is not found in the security audit logs. Openfire 4.7.5

Sirish_K · October 26, 2023, 10:07am

client ip is not found in the security audit logs while connecting to port enabled using mod_proxy
security audit logs: “The user logged in successfully to the admin console from address 0:0:0:0:0:0:0:1”

but the client IP is captured in access_logs.
/var/log/httpd/access_log: "(null), 192.168.2.192 192.168.2.192 - - [26/Oct/2023:15:24:57 +0530] “GET /audit-policy.jsp HTTP/1.1” 200 26118 “http://192.168.2.118:8009/profile-settings.jsp” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36” "

Thanks

guus · October 26, 2023, 10:20am

Is your reverse proxy setting the ‘X-Forwarded-For’ headers?

You may need to enable the Openfire system property adminConsole.forwarded.enabled to parse these headers.

Sirish_K · October 27, 2023, 5:28am

Yes the reverse proxy set with ‘X-Forwarded-For’ headers

adminConsole.forwarded.enabled property is set ti Enable as well

guus · October 27, 2023, 9:04am

You might have uncovered a bug in Openfire. I have recorded this in a new bug report: [OF-2700] - Ignite Realtime Jira

guus · November 21, 2023, 3:47pm

This issue is likely fixed in the next release of Openfire. Can you please test Openfire 4.8.0 beta to see if the problem is resolved for you with that version?