You are aware that the talk is about a piece of information (IP) the basic service (indeed apache) has naturally. Your explanation alone shows how broken by design the thing is. You need a logfile, a database, a script and a layer 7 firewall for obtaining an IP? And then you call it easy. Gimme a break...
On Fri, 26 Apr 2024 10:51:01 -0700 Sean Hulbert <shulb...@securitycentric.net.INVALID> wrote: > This is easy, > > 1. Use a SIEM on the NGINX or Apache log files set your trigger to look > for the api token. > > 2. Parse the log file directly using bash awk sed if fi else then pull > the IP address > > 3. Create a new table in the Guacamole database then add a variable to > the connection info page, take option 2 and inject the IP to the new > table to be displayed. > > 4. Put a Layer 7 firewall in front of the Guacamole system and capture > all data streams to and from (assuming this is external use). > > > > *Thank You* > Sean Hulbert > *Founder / CEO* > > > *Security Centric Inc.* > A Cybersecurity Virtualization Enablement Company > /StormCloud Gov, Protected CUI Environment!/ > > > Industry's most secure virtual desktops! > > > */FedRAMP MIL4 in process (RAR)/* > System Award Management > *CAGE: 8AUV4* > *SAM ID: UMJLJ8A7BMT3* > > AFCEA San Francisco Chapter President > If you have heard of a hacker by name, he/she has failed, fear the > hacker you haven’t heard of! > > CONFIDENTIALITY NOTICE: This communication with its contents may contain > confidential and/or legally privileged information. It is solely for the > use of the intended recipient(s). Unauthorized interception, review, use > or disclosure is prohibited and may violate applicable laws including > the Electronic Communications Privacy Act. If you are not the intended > recipient, please contact the sender and destroy all copies of the > communication. Content within this email communication is not legally > binding as a contract and no promises are guaranteed unless in a formal > contract outside this email communication. > > igitur qui desiderat pacem, praeparet bellum!!! > > Epitoma Rei Militaris > > On 4/26/2024 6:10 AM, Nick Couchman wrote: > > On Fri, Apr 26, 2024 at 6:47 AM Molina de la Iglesia, Manuel > > <manuel.molina-de-la-igle...@veolia.com.invalid> wrote: > > > > Hello, > > > > After following the provided documentation, I cannot find a > > solution to get the real client IP. > > > > I have my application (PHP) on the same Guacamole Server, this > > application gets the user token: > > > > image.png > > > > The Tomcat log (after use the following pattern on the server.xml > > valve) I use: %{x-forwarded-for}i %l %u %t "%r" %s %b > > > > The log is OK (display the user IP) > > > > image.png > > > > > > This does not look like the Tomcat log, this looks like a log for > > httpd or Nginx, which means *that* is getting your client IP address. > > Do you have your Proxy configured to pass the X-Forwarded-For header > > through to Tomcat? > > > > -Nick > > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org