jira behind a proxy - known workarounds to see IP address of user sessions ?

AM February 26, 2012

To quote Nick Mason [Atlassian]

"Currently if JIRA is running behind Apache or another proxy server, the "User Sessions" page will show only the IP address of the reverse proxy itself, not the user."

Any ideas / known workarounds ..?

----

Quote taken from:

User Sessions page should read/show X-Forwarded-For HTTP header
https://jira.atlassian.com/browse/JRA-22399

6 answers

0 votes
AM March 25, 2012

Atlassian should point this out in the docs until JRA-22399 is fixed

https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache

0 votes
AM March 25, 2012

Okay, no workaround for a JIRA application admin (I'm not talking about access to logs via shell etc.).

Community,

this is a simple piece of work but could help a lot in proxy environments - please help by voting and writing comments:

https://jira.atlassian.com/browse/JRA-22399

Thanks
A-M

0 votes
AM February 27, 2012

Nic, you wrote:

"No - you'd need to configure all of the proxies in the chain to add/retain the information for Jira to pick up."

Would you explain how to this in general except (e.g. using Apache ) using http://en.wikipedia.org/wiki/X-Forwarded-For (or any other reverse proxy and proxy feature) ?

0 votes
Ivar
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 26, 2012

This was actually the main reason why we discontinued Crowd. The users IP address was unavailable to us unless we spent another 2000 € on a plug-in to ISA 2006 server to forward the original client IP adr. Without this - no SSO for our Confluence/Jira setup.

Ivar
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 26, 2012

@Nic; say that to Atlassian, not me. It is their solution for SSO that uses IP-adr, not mine :) We just tried to comply with the given security model they've implemented, without success.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 26, 2012

You shouldn't be doing any form of security (including SSO authentication) with IP addresses, it's an absolute doddle to bypass and hack (assuming you're not on a completely physically closed network)

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 26, 2012

No - you'd need to configure all of the proxies in the chain to add/retain the information for Jira to pick up. The only workaround I know of is to read the proxy logs to find out what the incoming connections present (and bear in mind IP addresses are only useful for debugging on your local network, and shouldn't be used for much else)

AM February 27, 2012

Nic, you wrote:

"No - you'd need to configure all of the proxies in the chain to add/retain the information for Jira to pick up."

Would you explain how to this in general except (e.g. using Apache ) using http://en.wikipedia.org/wiki/X-Forwarded-For (or any other reverse proxy and proxy feature) ?

0 votes
Radu Dumitriu
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 26, 2012

None that I know.

Suggest an answer

Log in or Sign up to answer