Hello,
I'm using this tag on my pi-hole container to filter request comming from other docker networks (where i have my VPN):
- "traefik.http.middlewares.pi-hole-ipallowlist.ipallowlist.sourcerange=172.18.0.0/24"
I get 403 forbidden anyway, if i use or i dont use my VPN.
Without VPN, my real IP is logged by traefik:
{
"ClientAddr": "91.xx.xx.xx:40692",
"ClientHost": "91.xx.xx.xx",
"ClientPort": "40692",
"DownstreamContentSize": 341,
"DownstreamStatus": 403,
"Duration": 4409630,
"OriginContentSize": 341,
"OriginDuration": 4257301,
"OriginStatus": 403,
"Overhead": 152329,
"RequestAddr": "my.domain.com",
"RequestContentSize": 0,
"RequestCount": 47,
"RequestHost": "my.domain.com",
"RequestMethod": "GET",
"RequestPath": "/",
"RequestPort": "-",
"RequestProtocol": "HTTP/2.0",
"RequestScheme": "https",
"RetryAttempts": 0,
"RouterName": "pi-hole@docker",
"ServiceAddr": "172.19.1.3:80",
"ServiceName": "pi-hole@docker",
"ServiceURL": "http://172.19.1.3:80",
"StartLocal": "2024-10-26T09:42:56.22315496Z",
"StartUTC": "2024-10-26T09:42:56.22315496Z",
"TLSCipher": "TLS_AES_128_GCM_SHA256",
"TLSVersion": "1.3",
"downstream_Content-Length": "341",
"downstream_Content-Type": "text/html",
"downstream_Date": "Sat, 26 Oct 2024 09:42:56 GMT",
"downstream_Server": "lighttpd/1.4.59",
"entryPointName": "https",
"level": "info",
"msg": "",
"origin_Content-Length": "341",
"origin_Content-Type": "text/html",
"origin_Date": "Sat, 26 Oct 2024 09:42:56 GMT",
"origin_Server": "lighttpd/1.4.59",
"request_Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8",
"request_Accept-Encoding": "gzip, deflate, br, zstd",
"request_Accept-Language": "es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3",
"request_Cookie": "PHPSESSID=####",
"request_Priority": "u=0, i",
"request_Sec-Fetch-Dest": "document",
"request_Sec-Fetch-Mode": "navigate",
"request_Sec-Fetch-Site": "none",
"request_Sec-Fetch-User": "?1",
"request_Te": "trailers",
"request_Upgrade-Insecure-Requests": "1",
"request_User-Agent": "REDACTED",
"request_X-Forwarded-Host": "my.domain.com",
"request_X-Forwarded-Port": "443",
"request_X-Forwarded-Proto": "https",
"request_X-Forwarded-Server": "830654571df4",
"request_X-Real-Ip": "91.xx.xx.xx",
"time": "2024-10-26T09:42:56Z"
}
And if i Use VPN:
{
"ClientAddr": "172.18.0.1:35062",
"ClientHost": "172.18.0.1",
"ClientPort": "35062",
"DownstreamContentSize": 341,
"DownstreamStatus": 403,
"Duration": 1846845,
"OriginContentSize": 341,
"OriginDuration": 1758575,
"OriginStatus": 403,
"Overhead": 88270,
"RequestAddr": "my.domain.com",
"RequestContentSize": 0,
"RequestCount": 52,
"RequestHost": "my.domain.com",
"RequestMethod": "GET",
"RequestPath": "/",
"RequestPort": "-",
"RequestProtocol": "HTTP/2.0",
"RequestScheme": "https",
"RetryAttempts": 0,
"RouterName": "pi-hole@docker",
"ServiceAddr": "172.19.1.3:80",
"ServiceName": "pi-hole@docker",
"ServiceURL": "http://172.19.1.3:80",
"StartLocal": "2024-10-26T09:45:07.241544857Z",
"StartUTC": "2024-10-26T09:45:07.241544857Z",
"TLSCipher": "TLS_AES_128_GCM_SHA256",
"TLSVersion": "1.3",
"downstream_Content-Length": "341",
"downstream_Content-Type": "text/html",
"downstream_Date": "Sat, 26 Oct 2024 09:45:07 GMT",
"downstream_Server": "lighttpd/1.4.59",
"entryPointName": "https",
"level": "info",
"msg": "",
"origin_Content-Length": "341",
"origin_Content-Type": "text/html",
"origin_Date": "Sat, 26 Oct 2024 09:45:07 GMT",
"origin_Server": "lighttpd/1.4.59",
"request_Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8",
"request_Accept-Encoding": "gzip, deflate, br, zstd",
"request_Accept-Language": "es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3",
"request_Cookie": "PHPSESSID=####",
"request_Priority": "u=0, i",
"request_Sec-Fetch-Dest": "document",
"request_Sec-Fetch-Mode": "navigate",
"request_Sec-Fetch-Site": "none",
"request_Sec-Fetch-User": "?1",
"request_Te": "trailers",
"request_Upgrade-Insecure-Requests": "1",
"request_User-Agent": "REDACTED",
"request_X-Forwarded-Host": "my.domain.com",
"request_X-Forwarded-Port": "443",
"request_X-Forwarded-Proto": "https",
"request_X-Forwarded-Server": "830654571df4",
"request_X-Real-Ip": "172.18.0.1",
"time": "2024-10-26T09:45:07Z"
}
I'm getting 403 even through IP 172.18.0.1 is within 172.18.0.0/24 network. I've also tried 172.18.0.1/24 with not success, also 172.18.0.1/32. What am i missing?
Thank you.