HCL Domino Ideas Portal

Status Shipped
Workspace Domino
Categories Administration
Created by Guest
Created on Aug 2, 2018

Include XForwardedFor IP address in log.nsf / domlog.nsf

Since 9.0.1FP8 there is a notes.ini entry HTTP_LOG_ACCESS_XFORWARDED_FOR to get the IP address of the user when you use a load balancer in front of a Domino server.

After activating you can see the x-forwarded-for IP address in the http log, but you have to change the design in the domlog.nsf (Jesper Kiaer blogged about it: http://nevermind.dk/nevermind/blog.nsf/subject/making-x-forwarded-for-log-feature-ibm-domino-fp8-actually-work).


If the user enters an incorrect password the IP address of the load balancer is logged (nHTTP: user@name.xx [xx.xx.xx.xx] authentication failure using internet password), even if the entry HTTP_LOG_ACCESS_XFORWARDED_FOR is set.

Martin Vogel

  • Guest
    Jan 20, 2022

    Hi Thomas - did this get incorporated into 12.0.1?

  • Admin
    Thomas Hampel
    Aug 10, 2021

    Properly logging the XFORWARDED_FOR address will be done in Domino 12.0.1

  • Guest
    Mar 12, 2021

    As my request was merged into this idea - the XFORWARDED_FOR address should also be used by the built-in Security Feature, as this feature is useless in a proxy environment.

  • Guest
    Aug 28, 2019

    Another comment from me ..

    We have customers who need a solution today.
    So I wrote an Extension Manager (EM) which will find the request in the domlog.nsf with a 401 and get the IP provided via the X-Forward-For header.

    The documents in domlog.nsf can even be discarded by the EM before updating (to prevent the domlog.nsf from getting full).

    We can start an agent running on the document to pass the information to another service like a fail2ban running on another machine.

    In my current customer project I leveraged the new LS HTTP request class to pass the data directly to an NGINX server which has a custom fail2ban configuration for the errors which are logged.

    Here is the post to my fail2ban blog entry:

    http://blog.nashcom.de/nashcomblog.nsf/dx/fail2ban-support-for-domino-intrusion-detection.htm

    [ Daniel Nashed / http://blog.nashcom.de ]


  • Guest
    Aug 12, 2019

    Yes please! This should be enhanced. Just logging the IP to the domlog.nsf document isn't completely helpful.
    It would make sense to also allow use of the x-forward header for the error message on the console.
    There are integrations like fail2ban and also other applications for intrusion detection.

    Those applications collect log information from plain text log files like console.log but cannot access an NSF file like domlog.nsf

    [ Daniel Nashed / http://blog.nashcom.de ]

  • Guest
    Aug 3, 2018

    :-)  A working link
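
Added example, not part of the original thread and not HCL or fail2ban code: a Python sketch of the log-based detection discussed in the comments, showing why a console line that carries the load balancer's address cannot safely drive an IP block. The message format is the one quoted in the idea text; the sample lines, the proxy address 10.0.0.5, the threshold and the function name are assumptions.

```python
import re
from collections import Counter

# Message format as quoted in the idea text above.
FAILURE = re.compile(
    r"nHTTP: (?P<user>\S+) \[(?P<ip>[0-9A-Fa-f.:]+)\] "
    r"authentication failure using internet password"
)

def classify_failures(lines, trusted_proxies, threshold=3):
    """Count failed logins per logged IP and split the offenders into
    (ban, masked): addresses safe to block, and proxy addresses that
    stand in for clients the log can no longer tell apart."""
    counts = Counter()
    for line in lines:
        match = FAILURE.search(line)
        if match:
            counts[match.group("ip")] += 1
    ban, masked = {}, {}
    for ip, hits in counts.items():
        if hits < threshold:
            continue
        # Blocking a proxy address would lock out every user behind it,
        # so report it separately instead of banning.
        if ip in trusted_proxies:
            masked[ip] = hits
        else:
            ban[ip] = hits
    return ban, masked

# Constructed sample lines; users and addresses are made up.
LOAD_BALANCER = "10.0.0.5"  # assumed proxy address
SAMPLE = [
    "nHTTP: alice@example.com [10.0.0.5] authentication failure using internet password",
    "nHTTP: bob@example.com [10.0.0.5] authentication failure using internet password",
    "nHTTP: carol@example.com [10.0.0.5] authentication failure using internet password",
    "nHTTP: dave@example.com [10.0.0.5] authentication failure using internet password",
    "nHTTP: erin@example.com [203.0.113.7] authentication failure using internet password",
    "nHTTP: erin@example.com [203.0.113.7] authentication failure using internet password",
    "nHTTP: erin@example.com [203.0.113.7] authentication failure using internet password",
    "nHTTP: frank@example.com [198.51.100.9] authentication failure using internet password",
    "HTTP Server: Started",
]

if __name__ == "__main__":
    ban, masked = classify_failures(SAMPLE, {LOAD_BALANCER})
    print("block:", ban)
    print("logged as proxy, client unknown:", masked)
```

Any entry in the second result means the failure message was written with the proxy's address, which is the gap this idea asks to close.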

3 MERGED

Accept/use XFORWARDED_FOR in Security Feature

Merged
Security Feature is requested by a customer, but they have a proxy in front, so that the real user-address is in header field XFORWARDED_FOR.
almost 4 years ago in Domino / Security 1 Shipped