Varnish: How to forward failed login client ip in auth.log?

  • Resolved blablabla

    (@gabo13)


    7 years, 5 months ago

    Hello everybody,

    I know my question is very specific, but…. I’ll give it a try here…

    I am using Apache2 behind Varnish and I’ve managed to forward client ip in the access log of apache2, but I can’t forward the client ip in event of failed login attamt, in auth.log So when i try fake pass and user to login in wordpress in fail2ban log I see this:

    2017-06-19 15:17:30,118 fail2ban.filter [24601]: INFO [wordpress-hard] Ignore 127.0.0.1 by ip
    2017-06-19 15:17:49,747 fail2ban.filter [24601]: INFO [wordpress-soft] Ignore 127.0.0.1 by ip
    2017-06-19 15:24:57,385 fail2ban.filter [24601]: INFO [wordpress-hard] Ignore 127.0.0.1 by ip
    2017-06-19 15:37:06,575 fail2ban.filter [24601]: INFO [wordpress-hard] Ignore 127.0.0.1 by ip
    2017-06-19 15:38:33,003 fail2ban.filter [24601]: INFO [wordpress-hard] Ignore 127.0.0.1 by ip
    2017-06-19 15:44:10,889 fail2ban.filter [24601]: INFO [wordpress-hard] Ignore 127.0.0.1 by ip
    2017-06-19 15:53:49,466 fail2ban.filter [24601]: INFO [wordpress-hard] Ignore 127.0.0.1 by ip
    2017-06-19 16:03:26,089 fail2ban.filter [24601]: INFO [wordpress-hard] Ignore 127.0.0.1 by ip
    2017-06-19 16:03:42,792 fail2ban.filter [24601]: INFO [wordpress-hard] Ignore 127.0.0.1 by ip
    2017-06-19 16:16:13,517 fail2ban.filter [24601]: INFO [wordpress-hard] Ignore 127.0.0.1 by ip

    In my auth.log you see something like this:
    Jun 19 16:03:42 [28003]: Authentication attempt for unknown user sddfgdf from 127.0.0.1

    Does someone completed such IT adventure? ??

    Thanks!

Viewing 1 replies (of 1 total)
  • Thread Starter blablabla

    (@gabo13)

    Okay, actually I’ve managed to fix it.

    # Added to wp-config.php:
    //Fail2Ban
    define(‘WP_FAIL2BAN_PROXIES’,’127.0.0.1, my.server.ip.address’);

    # changed CustomLog format in /etc/apache2/apache.conf
    #LogFormat “%h %l %u %t \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” combined
    LogFormat “%{X-Forwarded-For}i %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” varnishcombined

    # Added in /etc/varnish/default.vcl
    sub vcl_recv {
    if (req.restarts == 0) {
    if (req.http.X-Forwarded-For) {
    set req.http.X-Forwarded-For = req.http.X-Forwarded-For + “, ” + client.ip;
    } else {
    set req.http.X-Forwarded-For = client.ip;
    }
    }

    }

    And it worked.

    // Ubuntu Server 16.04

Viewing 1 replies (of 1 total)
  • The topic ‘Varnish: How to forward failed login client ip in auth.log?’ is closed to new replies.