Opened 6 years ago
Closed 5 years ago
#2342 closed task (fixed)
OSGeo UserID registration logs contain unusable IP address
| Reported by: | strk | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | Sysadmin Contract 2019-II |
| Component: | SysAdmin | Keywords: | ldap |
| Cc: | robe |
Description
They log IP address of the gateway (ngnix?) Example: ... registered from 10.88.1.4 .... ... registered from fd42:a5ff:18d2:7141:216:3eff:feff:3c88 ...
Note that: 8.8.c.3.f.f.e.f.f.f.e.3.6.1.2.0.1.4.1.7.2.d.8.1.f.f.5.a.2.4.d.f.ip6.arpa domain name pointer nginx.lxd. 4.1.88.10.in-addr.arpa domain name pointer nginx.lxd.
Change History (5)
comment:1 by , 5 years ago
| Milestone: | → Sysadmin Contract 2019-II |
|---|---|
| Priority: | normal → critical |
comment:2 by , 5 years ago
The scripts are using REMOTE_ADDR env variable to retrive the user IP. What should then be changed to do ?
comment:5 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
The problem also affects the email sent to the registering user, which would be told that "someone from <internal_ip> requested an OSGeo account creation". This is a security issue as well as a user-facing issue.