Back to Community Threads
Windows X-Forwarded-For support
Question asked by Elazar Broad - 12/18/2024 at 10:48 PM
Unanswered
Hello -
 Do the Windows builds support X-Forwarded-For and X-Real-IP? I have Apache in front of SmarterMail on Windows, with Apache proxying requests directly to Kestrel, however, SmarterMail does not recognize these headers and still shows the IP of my proxy as the source IP. I will note that the Windows server running SmarterMail is running a dual IPv4/IPv6 stack, so the IP shows ::ffff:1.2.3.4. Please advise.

Thanks! 
Elazar Broad Replied
12/27/2024 at 1:37 AM
Bump
Elazar Broad Replied
12/30/2024 at 11:36 PM
After some testing, I've confirmed that the headers are only honored when the proxied request comes from localhost. This is likely due to SmarterMail using the defaults for KnownProxies (see https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-8.0#forwarded-headers-middleware-options) or explicitly setting localhost/loopback in KnownProxies.

Would it be possible to add an option to make this configurable? i.e. add additional trusted proxies via appsettings.json?

Thanks,
 Elazar
Matt Petty Replied
12/31/2024 at 1:35 PM
Employee Post
Hmm interesting, thanks for looking into this. I tried looking at appsettings.json to see if it'd be possible with no changes on our end, but I looks like we have to still manually set some things in code. I'll add a task to discuss this with the team.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
Sébastien Riccio Replied
Today at 7:46 PM
Raising this topic from the abysses.

It would be great to be able to declare somewhere, trusted proxies, other than the default 127.0.0.1.

Nowadays It can already be done for TCP proxies, using the Settings -> Security -> Whitelist > TCP Proxy flag, but we are missing a way to allow SM to honor X-Forwarded-* headers from reverse proxies that are not on 127.0.0.1

Thanks :)
Sébastien Riccio System & Network Admin https://swisscenter.com
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Key Feature and Version Milestones in SmarterMailSmarterMail
Send User Spam Feedback Options in SmarterMailSmarterMail > Antispam and Antivirus
SmarterMail and OAuth 2.0SmarterMail > Server Configuration and Management
Add to Outlook LimitationsSmarterMail > Desktop and Mobile Synchronization
TLS 1.0/1.1 Deprecation InformationGeneral Topics