Currently I use my own domain and an nginx container to access Unraid webGui when I’m not home because somehow Unraid Connect is not working in my case. LAN address is 192.168.31.72. However, once I (or someone) triggered Failed Login Restrictions, I cannot log in anymore even after connecting to a different network to change my actual IP address. Because of the reverse proxy, $remote_addr is always set to 192.168.31.72 when I’m using my own domain to log in. Can you add support for X-Forwarded-For and X-Real-IP so Unraid webGui can apply failed login restrictions correctly on the actual IP address instead of the LAN address 192.168.31.72?
Just in case this is missed - support for X-Forwarded-For and X-Real-IP should be disabled by default (so the admin explicitly has to enable them in the settings somewhere). If this is implemented and enabled by default it allows an attacker to easily circumvent IP bans by just sending these headers.
Ideally, there should also be an (additional) optional parameter to only allow / parse these HTTP headers coming from source IPs in a particular subnet - that way you can configure Unraid to only parse these headers when coming from your local reverse proxy and not when they're coming from elsewhere.
Looks like the nginx binary in Unraid is compiled with the --with-http_realip_module option which should make this fairly easy to add. All that would be needed is some config page that adds entries like these to the nginx config:
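The trust rule requested in the comments above, sketched in Python as an added example; it is not code from this thread, from Unraid, or the nginx entries the comment refers to. The function name `client_ip`, the `enabled` switch and the trusted list (set here to the proxy address from the issue) are assumptions, and header names are matched exactly as spelled.

```python
import ipaddress

# Assumption: the only trusted proxy is the LAN address named in the issue.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.31.72/32")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr belongs to one of the trusted proxy networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in trusted)


def client_ip(remote_addr, headers, enabled=False, trusted=TRUSTED_PROXIES):
    """Return the address that failed-login restrictions should key on."""
    # Off by default, and the headers are ignored unless the TCP peer itself
    # is a trusted proxy; otherwise anyone could pick their own "client IP".
    if not enabled or not is_trusted(remote_addr, trusted):
        return remote_addr

    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    if not hops:
        real_ip = headers.get("X-Real-IP", "").strip()
        hops = [real_ip] if real_ip else []

    # Walk right to left: the rightmost entries were appended by proxies we
    # trust. The first untrusted entry is the client; everything to its left
    # was supplied by that client and is never considered.
    candidate = remote_addr
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could validate
        candidate = hop
        if not is_trusted(hop, trusted):
            break
    return candidate


if __name__ == "__main__":
    # Constructed sample: the client prepends a spoofed value, the proxy appends the real peer.
    hdrs = {"X-Forwarded-For": "1.2.3.4, 198.51.100.7"}
    print(client_ip("192.168.31.72", hdrs, enabled=True))
```
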