Bug 8539 - Hard to identify source of failed login attempts with Web Access behind a reverse proxy
Summary: Hard to identify source of failed login attempts with Web Access behind a rev...
Status: CLOSED DUPLICATE of bug 7466
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Access (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.19.0
Assignee: Bugzilla mail exporter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-03-05 13:43 CET by William Sjöblom
Modified: 2025-03-05 15:34 CET (History)
0 users

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description William Sjöblom cendio 2025-03-05 13:43:21 CET 
When a failed logging attempt to Web Access happens, it is logged by PAM like this:
> 2025-03-04T19:22:58.892923+01:00 pam1 tl-pamapp[418264]: pam_unix(thinlinc:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=::ffff:172.16.254.1  user=wilsj

Under normal circumstances, the above rhost will be the IP of the client that attempted the failed login. 

However, when ThinLinc Web Access is placed behind a reverse proxy, rhost will simply be the IP of the reverse proxy machine and not the actual client. This makes auditing and acting on failed login attempts very difficult.
Comment 1 William Sjöblom cendio 2025-03-05 13:47:15 CET 
Most reverse proxies set the header X-Forwarded-For (and potentially X-Real-IP) to the IP of the actual client.
Comment 2 William Sjöblom cendio 2025-03-05 13:55:50 CET 
Oops, there was already a bug for this.

*** This bug has been marked as a duplicate of bug 7466 ***
Note You need to log in before you can comment on or make changes to this bug.