On Tue, Apr 17, 2012 at 12:50 PM, Afkham Azeez <[email protected]> wrote: > Thanks Dushan. AmilaJ, when we log the authentication message ("Admin > "admin" logged in from IP <x.x.x.x> at <y:y:y>" we need to take the > X-Forwarded-For & X-IP headers into consideration. If those headers are > there, we need to use those when recording the IP. I think currently, when > WSO2 products are fronted by an LB, they simply log the IP address of the LB > instead of the original sender, which is kind of useless. Can you look into > this?
Hi Azeez, I will look into this. First need to get familiar with "X-Forwarded-For & X-IP headers". Thanks AmilaJ > > Thanks > Azeez > > > On Tue, Apr 17, 2012 at 12:45 PM, Dushan Abeyruwan <[email protected]> wrote: >> >> Hi >> Ref: https://wso2.org/jira/browse/CARBON-11680 already committed. >> >> cheers >> Dushan >> >> >> On Tue, Apr 17, 2012 at 12:38 PM, Mail Delivery Subsystem >> <[email protected]> wrote: >>> >>> Delivery to the following recipient failed permanently: >>> >>> [email protected] >>> >>> Technical details of permanent failure: >>> Google tried to deliver your message, but it was rejected by the >>> recipient domain. We recommend contacting the other email provider for >>> further information about the cause of this error. The error that the other >>> server returned was: 550 550-5.1.1 The email account that you tried to reach >>> does not exist. Please try >>> 550-5.1.1 double-checking the recipient's email address for typos or >>> 550-5.1.1 unnecessary spaces. Learn more at >>> 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 >>> c14si8612388ann.135 (state 14). >>> >>> >>> ----- Original message ----- >>> >>> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; >>> d=google.com; s=20120113; >>> >>> h=mime-version:in-reply-to:references:date:message-id:subject:from:to >>> :cc:content-type:x-gm-message-state; >>> bh=5plU/pQ5v4yiEspcQNKCQHWFKXWrV7hLpSv/nBTfCrI=; >>> >>> b=Po9Tc/PF+G58VEGbD+4qShHeHkwrI/3erDUWY14GfSapLdVJuLmbOkZq9wjgA/eEp5 >>> >>> nk2YLEvVbgu6xmGb0UNC1hKdjDv0fvRNbx79WVOGk6MtpUJrHRvZVLZk7W1ihBAOOWNx >>> >>> LTn5emtGykU2+sqZIgK67zDhIvCszJSwk/lH2s2zhvlIBjisD9kwwSmX2zdJpH1PBmH/ >>> >>> vkMKvGqurqgMky/rSnxTtOrYZBfiqiBP7sbTPe38Wrhoo730C/dAyo5CFBHWmB2bG8qy >>> >>> t3EITMjDZqteETNSAuKwF4tc/sWPpYApSCXxYyHFXZ2eEobBL78JicvboIkoPNAVRTor >>> pveg== >>> MIME-Version: 1.0 >>> Received: by 10.182.72.38 with SMTP id a6mr2930804obv.38.1334646524293; >>> Tue, >>> 17 Apr 2012 00:08:44 -0700 (PDT) >>> Received: by 10.182.58.193 with HTTP; Tue, 17 Apr 2012 00:08:44 -0700 >>> (PDT) >>> In-Reply-To: >>> <CAJWskNF4tu75r0Xd6jAKcq=tkezpo7cxpav694c2hu2-57l...@mail.gmail.com> >>> >>> References: >>> <cajwsknegsb2cf1+_9njrpqtppzp94myvtsqjtcgzgoopnt5...@mail.gmail.com> >>> >>> <capmlfe_dwwwvs9gk-wdazfxzljnqmpevcqbx6e3eq5qussa...@mail.gmail.com> >>> >>> <CAJWskNE98gxSM3BP7JguO7eH4BY1Xbn4kjf-AEzM=6ae4et...@mail.gmail.com> >>> >>> <capmlfe_qbvgeam0zk_bbvy_6zmhziuormilz-vvamwm0r9c...@mail.gmail.com> >>> >>> <CAJWskNH6j=h2kcdbva2kc96ns61_1bes+sbcfxu79mhu1dv...@mail.gmail.com> >>> >>> <CACyyj6c4dABXdfN+aoGCE=t8nide96zq-rmw4nt7hednuv0...@mail.gmail.com> >>> >>> <CAJWskNF4tu75r0Xd6jAKcq=tkezpo7cxpav694c2hu2-57l...@mail.gmail.com> >>> Date: Tue, 17 Apr 2012 12:38:44 +0530 >>> Message-ID: >>> <CACyyj6evnuLu6ad1Atfix4jKv=ES8sfys5nb=wgf0drnf+4...@mail.gmail.com> >>> >>> Subject: Re: [New feature request] Support X-Forwarded-For HTTP extension >>> header in WSO2 LB >>> From: Dushan Abeyruwan <[email protected]> >>> To: Afkham Azeez <[email protected]> >>> >>> Cc: Hiranya Jayathilaka <[email protected]>, stratos-dev >>> <[email protected]>, >>> Sadeep Jayasumana <[email protected]> >>> Content-Type: multipart/alternative; >>> boundary=f46d0447a2a9fb303f04bdda9ba9 >>> X-Gm-Message-State: >>> ALoCoQm+qIE2Kqng2gbmefbcCZFZV7JghuMp33MuKz/f/0/UC0cpwFT/jq0zGVPgDNZS1Zb2/KiY >>> >>> >>> Hi >>> Yes, I did this implementation (few months back) and I am not sure >>> whether >>> it has committed to trunk, will check rite away >>> >>> cheers >>> Dushan >>> >>> On Tue, Apr 17, 2012 at 12:29 PM, Afkham Azeez <[email protected]> wrote: >>> >>> > Dushan, >>> > Has this been implemented in the trunk? >>> > >>> > Azeez >>> > >>> > On Tue, Nov 29, 2011 at 9:56 AM, Dushan Abeyruwan <[email protected]> >>> > wrote: >>> > >>> >> Hi, >>> >> I will looking to this new feature and will implement ASAP before >>> >> next >>> >> release >>> >> >>> >> cheers, >>> >> Dushan >>> >> >>> >> >>> >> >>> >> On Tue, Nov 29, 2011 at 7:23 AM, Afkham Azeez <[email protected]> wrote: >>> >> >>> >>> Dushan, >>> >>> Are you on this mailing list? Please ACK. This is something we can & >>> >>> should get implemented quickly. >>> >>> >>> >>> On Sat, Nov 19, 2011 at 11:08 AM, Hiranya Jayathilaka >>> >>> <[email protected]>wrote: >>> >>> >>> >>>> >>> >>>> >>> >>>> On Sat, Nov 19, 2011 at 10:30 AM, Afkham Azeez <[email protected]> >>> >>>> wrote: >>> >>>> >>> >>>>> >>> >>>>> >>> >>>>> On Sat, Nov 19, 2011 at 10:27 AM, Hiranya Jayathilaka < >>> >>>>> [email protected]> wrote: >>> >>>>> >>> >>>>>> >>> >>>>>> >>> >>>>>> On Sat, Nov 19, 2011 at 8:55 AM, Afkham Azeez <[email protected]> >>> >>>>>> wrote: >>> >>>>>> >>> >>>>>>> See http://en.wikipedia.org/wiki/X-Forwarded-For >>> >>>>>>> >>> >>>>>>> In addition, when we log user login requests, we have to pick up >>> >>>>>>> the >>> >>>>>>> originating IP address using the X-Forwaded-For header, if it is >>> >>>>>>> available. >>> >>>>>>> >>> >>>>>>> Hiranya and/or Sadeep or someone else from ESB team, can you >>> >>>>>>> folks >>> >>>>>>> please look into this? It should be pretty simple to implement. >>> >>>>>>> >>> >>>>>> >>> >>>>>> We can do this in the configuration without changing any code. >>> >>>>>> Given >>> >>>>>> that this is only a 'defacto standard', should we do this >>> >>>>>> programmatically? >>> >>>>>> >>> >>>>> >>> >>>>> Looks like it will become a standard soon. Most reverse proxies are >>> >>>>> using this, so there is no harm in us supporting it. It is a simple >>> >>>>> HTTP >>> >>>>> header after all. Extension headers will not cause HTTP servers to >>> >>>>> fail or >>> >>>>> anything like that :) >>> >>>>> >>> >>>> >>> >>>> We should still make this configurable. >> >> >> >> >> -- >> Dushan Abeyruwan >> Senior Software Engineer >> Integration Technologies Team >> WSO2 Inc. http://wso2.com/ >> Mobile:(+94)714408632 >> > > > > -- > Afkham Azeez > Director of Architecture; WSO2, Inc.; http://wso2.com > Member; Apache Software Foundation; http://www.apache.org/ > > email: [email protected] cell: +94 77 3320919 > blog: http://blog.afkham.org > twitter: http://twitter.com/afkham_azeez > linked-in: http://lk.linkedin.com/in/afkhamazeez > > Lean . Enterprise . Middleware > -- Mobile : +94773330538 _______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
