Hi, I have a question for ipwhitelist middleware:
I used this plugin configured like this:
http:
middlewares:
ipwhitelist:
ipWhiteList:
sourceRange:
- “10.0.68.0/24”
- “79.60.79.128/32”
if I try to reach the portal it returns forbidden, even though I am in the private network 10.0.68.0/24 and I show up with clientHost 10.0.68.202
the same thing applies when I show up with public ip 79.6.79.128.
below the logs:
{
"ClientAddr":"10.140.3.4:16459",
"ClientHost":"10.0.68.202",
"ClientPort":"16459",
"ClientUsername":"-",
"DownstreamContentSize":9,
"DownstreamStatus":403,
"Duration":213969,
"GzipRatio":0,
"OriginContentSize":0,
"OriginDuration":0,
"OriginStatus":0,
"Overhead":213969,
"RequestAddr":"surveycl.company.it",
"RequestContentSize":0,
"RequestCount":276,
"RequestHost":"surveycl.company.it",
"RequestMethod":"GET",
"RequestPath":"/auth/login",
"RequestPort":"-",
"RequestProtocol":"HTTP/1.1",
"RequestScheme":"https",
"RetryAttempts":0,
"RouterName":"formbricks-login-coll-01@file",
"SpanId":"0000000000000000",
"StartLocal":"2025-02-25T22:34:49.557045099+01:00",
"TLSCipher":"TLS_AES_128_GCM_SHA256",
"TLSVersion":"1.3",
"TraceId":"00000000000000000000000000000000",
"entryPointName":"websecure",
"level":"info",
"msg":"",
"time":"2025-02-25T22:34:49+01:00"
}
so I think the middleware matches the ClientAddr that corrplies to the pfsense balancer that passes the various requests to the traefik container.
- is it possible to make it match the ClientHost and thus the actual ip of the client?
- is it possible to log the policy and/or middleware used in the logs?
Thanks