This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

connect the sspr v4.5 after a proxy and receive the ip address of the client ?

how can i connect the sspr v4.5 after a proxy and receive the ip address of the client in my intruder message after a bad login i can see its ID but i receive the address of the proxy. the variable that saves the ip of the client is X-MCDN-REMOTE-ADDR how can i set the SSPR to use this variable for the client address

  • Suggested Answer

    0  

    Typically, proxies use the X-Forwarded-For header for this purpose. This is supported by SSPR and its use can be enabled in the web security settings: www.netiq.com/.../t4do2x6p7oyq.html

  • 0 in reply to   

    Hello,

    this function is well configured but I still don't have the right ip address on my intruder message it's still the address of my proxy server.

    perpetratorID=xxxxx

    perpetratorDN=cn=xxxxxxxxxxxxxx

    perpetratorLdapProfile=META-PROD

    sourceAddress=172.21.xx.xx

    sourceHost=172.21.xx.xx

    type=USER

    eventCode=INTRUDER_USER_ATTEMPT

    guid=44d7820d-3f53-43d7-85a8-f18965290cab

    timestamp=2021-05-05T12:53:15Z

    narrative=xxxxx account has had an invalid login attempt (intruder attempt) xdasTaxonomy=XDAS_AE_IDS_SUSPICIOUS

    xdasOutcome=XDAS_OUT_SUCCESS

    SourceAddress and sourceHost are the ip of our proxy and not the ip of the client.