OpenSRF

osrf-websocket-stdio should log real client address

Bug #2047662 reported by Galen Charlton on 2023-12-28

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
OpenSRF	Confirmed	Wishlist	Unassigned	OpenSRF 4.0-beta
3.2	Confirmed	Wishlist	Unassigned	OpenSRF 3.2.5
3.3	Confirmed	Wishlist	Unassigned	OpenSRF 3.3.1

Bug Description

Currently osrf-websocket-stdio grabs the client IP from REMOTE_ADDR as set by websocketd. Since most/all Evergreen setups have a proxy sitting in front of websocketd (or should), REMOTE_ADDR is most often set to "127.0.0.1", although setups are possible where the proxy and the websocketd server are not the same host.

This isn't particularly useful; instead, it would be more convenient to log the real client IP address. Since both the NGINX and HAProxy configurations shipped with OpenSRF set X-Forwarded-For, we can use instead (as websocketd maps it to an environment variable HTTP_X_FORWARDED_FOR.

See original description

Tags:

Revision history for this message

Galen Charlton (gmc) wrote on 2023-12-28:

A patch is available in user/gmcharlt/lp2047662_log_real_client_ip_for_websocketd / https://git.evergreen-ils.org/?p=working/OpenSRF.git;a=shortlog;h=refs/heads/user/gmcharlt/lp2047662_log_real_client_ip_for_websocketd

I'm suggesting this as a wishlist-that-is-arguably-a-bugfix for 3.3.x and maybe 3.2.x, but at first blush looks like it should cherry-pick cleanly into the current RediSRF branch.

Changed in opensrf:
milestone:	none → 3.3.1
milestone:	3.3.1 → none
tags:	added: pullrequest
Changed in opensrf:
milestone:	none → 4.0-beta

Galen Charlton (gmc) on 2023-12-29

description:

updated

Revision history for this message

Jason Boyer (jboyer) wrote on 2023-12-29:

Tested on my system and it does the thing. Signoff branch is at https://git.evergreen-ils.org/?p=working/OpenSRF.git;a=shortlog;h=refs/heads/user/jboyer/lp2047662_websocketd_log_signoff / working/user/jboyer/lp2047662_websocketd_log_signoff

Jeff Davis (jdavis-sitka) on 2024-03-18

Changed in opensrf:
status:	New → Confirmed
tags:	added: signedoff

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.