Back to Community Threads
Implement X-Forwarded-For Header to get Real Client IP Address (Who's on)
Idea shared by Jairo Marques - November 24, 2017 at 4:06 PM
Declined
Hi Guys,
 
The X-Forwarded-For (XFF) HTTP header field is a standard method for identifying the originating IP address of a client connecting to a server through any proxy.

Proxies like KEMP LoadMaster, TMG (with a plugin), pfSense and others allows us to give the client's IP to the destination Real Server by inserting an additional HTTP header (called X-Forwarded-For) when L7 is used with non-transparency.

This option of inserting the HTTP header (called X-Forwarded-For) allows the client source IP address to be logged by the Real Server's IIS logs.

My idea is that SmartTrack use this method to catch the real client IP Address and use in Who's On feature.

Something like:

var forwardedFor = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];

var userIpAddress = String.IsNullOrWhiteSpace(forwardedFor) ?
    Request.ServerVariables["REMOTE_ADDR"] : forwardedFor.Split(',').Select(s => s.Trim()).First();

4 Replies

Reply to Thread
0
I have the same issue with haproxy in front of SmarterMail for all protocolls.

Please have a look on these feature request.

Thanks & regards
0
Andrew Barker Replied
March 20 at 4:08 PM
Employee Post
After internal discussion, we have decided not to implement this feature. Implementing this would run the risk of exposing private IP addresses and could break our IP geolocation functionality.

Andrew Barker
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Thanks for the reply. I can't really see that these are hard arguments to not implement. I'm a datacenter/application design expert for more than 10 years. For an up to date application design fulfilling security aspects a proxy/sec geteway ... is absolutely necessary. Best would be

Proxy/Sec Gateway -> Application/web Server -> Backend Data store

No way to expose an application/http server direct to the internet. Always use something like F5 LBL, haproxy, nginx, apache, IIS. Not to talk ablot load balancing, HA setups and SSL offloading.

To fulfill these major app design rules, it's an absolutely need to implement X-Forwarded-For header (https://tools.ietf.org/html/rfc7239) and the proxy protocoll (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt). A lot of applications do so right now!

Without these features, all IP restrictions, protocoll information / geolocation is wothless when using an security based application design.

So I would really appreciate to think about these really necessary feature for the Web and mail services (imap, smtp ...)

Many Thanks and best regards
0
Andrew Barker Replied
March 21 at 12:05 PM
Employee Post
Mail Server,

This thread only pertains to SmarterTrack. You can look under SmarterMail for a similar discussion. If you cannot find one, feel free to get one started.

Andrew Barker
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
Back to Community Threads

Reply to Thread

Related Community Threads

New MAPI ThreadQuestion by Tim Uzzanti - Today
SmarterMail 15 Backup MX doesn't hold mail like it shouldProblem reported by Colton Morrison - Today
Tagging Tickets in SmarterTrackIdea by Speednet - Today
Smartermail build 7125 trusted domain mail went spam folderProblem reported by Binesh Shammunni - Today
Add to Visible fields "Opening Date"Idea by Emanuele Tomasi - Today

Related Knowledge Base Articles

Respond to Tickets From an Email ClientSmarterTrack > Installation and Configuration
Monitor Agents Using Quality Control on TicketsSmarterTrack > Installation and Configuration
Merge Multiple Tickets Into OneSmarterTrack > Agent Configuration and Management
SmarterTrack/WHMCS Addon ModuleUtilities and Conversion Tools
Create Host Headers for Use with BrandsSmarterTrack > Brand Configuration and Management