Comments (7)
@davidglassborow It worked, thank you very much for the assistance
from firewall.
Proposing PR #12 for this issue.
from firewall.
@nickntg Do you know of a temporary workaround for this while we wait for the fix to be merged?
from firewall.
The RemoteIpAddress
should be set automatically by the corresponding ASP.NET Core middleware if you have configured it correctly. Obviously you must plug the forwarded for middleware before the firewall middleware for it to be picked up by the firewall as well. If the RemoteIpAddress
is not set correctly then the forwarded for middleware is misconfigured. I don't think there is a bug in the firewall here. Maybe show me some code of your middlewares and I can help diagnose the issue.
from firewall.
A common error I see if that the Forwarded header middleware only trusts localhost proxies by default. The RemoteIpAddress etc will not be set if the proxy if not running on locahost. See https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-8.0.
The following shows how to bypass that for testing, for prod you should specify the proxy - see example
// Sort out headers so works in front of a proxy
var config = new ForwardedHeadersOptions()
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedHost | ForwardedHeaders.XForwardedProto,
ForwardLimit = 100
};
// https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-8.0
// By default the code only trusts localhost proxies, which doesn't help us in Docker or K8s.
config.KnownProxies.Clear();
config.KnownNetworks.Clear(); ;
app.UseForwardedHeaders(config);
from firewall.
The
RemoteIpAddress
should be set automatically by the corresponding ASP.NET Core middleware if you have configured it correctly. Obviously you must plug the forwarded for middleware before the firewall middleware for it to be picked up by the firewall as well. If theRemoteIpAddress
is not set correctly then the forwarded for middleware is misconfigured. I don't think there is a bug in the firewall here. Maybe show me some code of your middlewares and I can help diagnose the issue.
So with this, I have added the configuration as it is highlighted in the docs, see the screenshot below (we are using this along with Yarp), and it seems to work on my local machine but does not map the remote IP address correctly in our Kubernetes environment where the traffic is controlled using an nginx controller that plays a load balancer role, it keeps the Nginx pod's IP address as the remote IP address.
This is just a snippet of where the firewall is configured with some debug logs when the access denied delegate is triggered.
Could the problem be the fact that I am configuring the firewall on the Yarp pipeline?
from firewall.
The
RemoteIpAddress
should be set automatically by the corresponding ASP.NET Core middleware if you have configured it correctly. Obviously you must plug the forwarded for middleware before the firewall middleware for it to be picked up by the firewall as well. If theRemoteIpAddress
is not set correctly then the forwarded for middleware is misconfigured. I don't think there is a bug in the firewall here. Maybe show me some code of your middlewares and I can help diagnose the issue.So with this, I have added the configuration as it is highlighted in the docs, see the screenshot below (we are using this along with Yarp), and it seems to work on my local machine but does not map the remote IP address correctly in our Kubernetes environment where the traffic is controlled using an nginx controller that plays a load balancer role, it keeps the Nginx pod's IP address as the remote IP address.
This is just a snippet of where the firewall is configured with some debug logs when the access denied delegate is triggered.
Could the problem be the fact that I am configuring the firewall on the Yarp pipeline?
Read my comment - you need to either clear the KnownProxies, or add your K8 ingress as a KnownProxy.
from firewall.
Related Issues (12)
- Block Traffic by Country HOT 4
- MVC sample HOT 2
- Support X-Forwarded-For HOT 2
- Question HOT 4
- Block Specific Hosts HOT 1
- Logging? HOT 1
- ExceptFromCloudflare seems to have no effect HOT 14
- Add support for async rules HOT 2
- Possible to block specific methods/controllers? HOT 2
- Only deny certain IP addresses
- Except From Localhost not allowing requests from "::1" HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from firewall.