← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #46955

[Bug 1550127] [NEW] Wrong IP Address for error message in keystone.log

  Thread PreviousDate PreviousThread Next 
Public bug reported:

When the keystone public endpoint sits behind a reverse proxy, messages
written to keystone.log contain the IP address of the proxy, not the IP
address of the client.

For example:

2016-02-25 20:48:21.409 60 WARNING keystone.common.wsgi [-]
Authorization failed. Could not find user: foo (Disable debug mode to
suppress these details.) (Disable debug mode to suppress these details.)
from 192.168.1.100

The client's real IP address is passed with the request in the X
-Forwarded-For header.

Other OpenStack services, such as nova, glance, and cinder have a
configuration option

    use_forwarded_for = true

When this is set, their corresponding API log files record the client's
real IP address as gleaned from X-Forwarded-For.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1550127

Title:
  Wrong IP Address for error message in keystone.log

Status in OpenStack Identity (keystone):
  New

Bug description:
  When the keystone public endpoint sits behind a reverse proxy,
  messages written to keystone.log contain the IP address of the proxy,
  not the IP address of the client.

  For example:

  2016-02-25 20:48:21.409 60 WARNING keystone.common.wsgi [-]
  Authorization failed. Could not find user: foo (Disable debug mode to
  suppress these details.) (Disable debug mode to suppress these
  details.) from 192.168.1.100

  The client's real IP address is passed with the request in the X
  -Forwarded-For header.

  Other OpenStack services, such as nova, glance, and cinder have a
  configuration option

      use_forwarded_for = true

  When this is set, their corresponding API log files record the
  client's real IP address as gleaned from X-Forwarded-For.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1550127/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next