yahoo-eng-team team mailing list archive

[Steve Martinelli <1550127@xxxxxxxxxxxxxxxxxx>]

Looks like this was resolved in oslo.middleware in this commit:
https://github.com/openstack/oslo.middleware/commit/df01234bd864062a1dddd071b1d265153867f4b1

I'm marking it as WONTFIX for keystone and opening it up against
oslo.middleware as fix-released

** Also affects: oslo.middleware
   Importance: Undecided
       Status: New

** Changed in: oslo.middleware
       Status: New => Fix Released

** Changed in: keystone
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1550127

Title:
  Wrong IP Address for error message in keystone.log

Status in OpenStack Identity (keystone):
  Won't Fix
Status in oslo.middleware:
  Fix Released

Bug description:
  When the keystone public endpoint sits behind a reverse proxy,
  messages written to keystone.log contain the IP address of the proxy,
  not the IP address of the client.

  For example:

  2016-02-25 20:48:21.409 60 WARNING keystone.common.wsgi [-]
  Authorization failed. Could not find user: foo (Disable debug mode to
  suppress these details.) (Disable debug mode to suppress these
  details.) from 192.168.1.100

  The client's real IP address is passed with the request in the X
  -Forwarded-For header.

  Other OpenStack services, such as nova, glance, and cinder have a
  configuration option

      use_forwarded_for = true

  When this is set, their corresponding API log files record the
  client's real IP address as gleaned from X-Forwarded-For.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1550127/+subscriptions