#dominoforever | Product Ideas Portal

 

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are implemented and when.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Include XForwardedFor IP address in log.nsf / domlog.nsf

Since 9.0.1FP8 there is a notes.ini entry HTTP_LOG_ACCESS_XFORWARDED_FOR to get the IP address of the user when you use a load balancer in front of a Domino server.

After activating it you can see the X-Forwarded-For IP address in the HTTP log, but you have to change the design in the domlog.nsf (Jesper Kiaer blogged about it: http://nevermind.dk/nevermind/blog.nsf/subject/making-x-forwarded-for-log-feature-ibm-domino-fp8-actually-work).


If the user enters an incorrect password the IP address of the load balancer is logged (nHTTP: user@name.xx [xx.xx.xx.xx] authentication failure using internet password), even if the entry HTTP_LOG_ACCESS_XFORWARDED_FOR is set.

Martin Vogel, sirius-net GmbH

  • Guest
  • Aug 2 2018
  • Needs review
  • Guest commented
    28 Aug, 2019 10:23am

    Another comment from me ..

    We have customers who need a solution today.
    So I wrote an Extension Manager (EM) which will find the request in the domlog.nsf with a 401 and get the IP provided via the X-Forwarded-For header.

    The documents in domlog.nsf can even be discarded by the EM before updating (to prevent the domlog.nsf from getting full).

    We can start an agent running on the document to pass the information to another service like a fail2ban running on another machine.

    In my current customer project I leveraged the new LS HTTP request class to pass the data directly to an NGINX server which has a custom fail2ban configuration for the errors which are logged.

    Here is the post to my fail2ban blog entry:

    http://blog.nashcom.de/nashcomblog.nsf/dx/fail2ban-support-for-domino-intrusion-detection.htm

    [ Daniel Nashed / http://blog.nashcom.de ]


  • Guest commented
    12 Aug, 2019 06:52am

    Yes please! This should be enhanced. Just logging the IP to the domlog.nsf document isn't completely helpful.
    It would make sense to also allow use of the x-forward header for the error message on the console.
    There are integrations like fail2ban and also other applications for intrusion detection.

    Those applications collect log information from plain text log files like console.log but cannot access an NSF file like domlog.nsf.

    [ Daniel Nashed / http://blog.nashcom.de ]

  • Guest commented
    3 Aug, 2018 10:58am

    :-)  A working link
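
Added example, not part of the original thread and not HCL or fail2ban code: a small Python sketch of what a text-log intrusion detector sees when the failure message from the idea above carries the load balancer address. The timestamp prefix, users, addresses, the 10.0.0.0/8 proxy range and the function names are constructed assumptions; only the message shape comes from the idea text.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Message shape taken from the idea text above; anything before "nHTTP:" is ignored.
FAILURE = re.compile(
    r"nHTTP: (?P<user>.+?) \[(?P<ip>[0-9A-Fa-f:.]+)\] "
    r"authentication failure using internet password"
)

# Constructed sample lines (invented users, private and documentation addresses).
# 10.0.0.5 plays the load balancer; 192.0.2.44 is a client that connected directly.
SAMPLE_LOG = """\
08/12/2019 06:52:01 AM  nHTTP: alice@example.com [10.0.0.5] authentication failure using internet password
08/12/2019 06:52:03 AM  nHTTP: bob@example.com [10.0.0.5] authentication failure using internet password
08/12/2019 06:52:04 AM  HTTP Server: Started
08/12/2019 06:52:07 AM  nHTTP: carol@example.com [10.0.0.5] authentication failure using internet password
08/12/2019 06:53:10 AM  nHTTP: admin [192.0.2.44] authentication failure using internet password
08/12/2019 06:53:11 AM  nHTTP: admin [192.0.2.44] authentication failure using internet password
08/12/2019 06:53:12 AM  nHTTP: admin [192.0.2.44] authentication failure using internet password
"""

def count_failures(log_text):
    """Return Counter of logged source IP -> number of authentication failures."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits

def ban_candidates(log_text, threshold, trusted_proxies):
    """Split IPs at or over the threshold into (bannable, withheld).

    An address inside trusted_proxies is withheld: the failures behind it
    belong to unknown clients, and banning it would cut off every user.
    """
    nets = [ip_network(n) for n in trusted_proxies]
    bannable, withheld = [], []
    for ip, n in sorted(count_failures(log_text).items()):
        if n < threshold:
            continue
        is_proxy = any(ip_address(ip) in net for net in nets)
        (withheld if is_proxy else bannable).append(ip)
    return bannable, withheld

if __name__ == "__main__":
    print(ban_candidates(SAMPLE_LOG, threshold=3, trusted_proxies=["10.0.0.0/8"]))
```

The three failures logged under 10.0.0.5 come from three different accounts, yet the log gives a detector nothing to separate them, which is the gap this idea asks to close.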