U4-9165 - logs littered with security actions happening against the private Ip of the loadbalancer.

Created by Mike Chambers 08 Nov 2016, 15:56:53 Updated by Jeffrey Schoemaker 10 Nov 2017, 14:56:41

Relates to: U4-9229

''What did you do?'' '''Logging into the backend and viewing the logs gives/// 15:25:58.780 INFO Umbraco.Core.Security.BackOfficeSignInManager Event Id: 0, state: User: user@example.com logged in from IP address 10.168.1.73'''

''What did you expect to happen?'' '''expected to see the remote ip address'''

''What actually happened?'' '''shows the loadbalancer ip'''

think this is a simple case of looking for the existence of the X_FORWARDED_FOR header assuming the hosting company supports it.

or maybe a bit of middleware? https://gist.github.com/runesoerensen/921bf766b76d7573fcd4

https://github.com/umbraco/Umbraco-CMS/blob/5397f2c53acbdeb0805e1fe39fda938f571d295a/src/Umbraco.Core/Security/BackOfficeSignInManager.cs

                        string.Format(
                            "User: {0} logged in from IP address {1}",
                            userName,
                            _request.RemoteIpAddress), null, null);
                    break;```

Comments

Priority: Normal

Type: Bug

State: Submitted

Assignee:

Difficulty: Normal

Category:

Backwards Compatible: True

Fix Submitted:

Affected versions: 7.5.4

Due in version:

Sprint:

Story Points:

Cycle: