+1 vote

I have deployed Adaxes on an internal network and use a Microsoft AD FS Web Application Proxy to publish the web interface to external networks. After reviewing the Logging in the Adaxes Administration Console, I noticed that the IP address of the Web Application Proxy is captured instead of the real client IP address.

As a result, log entries always take the following form:

Sign in to Web Interface Common Sign In from <IP address of AD FS WAP>

The Installation Guide documents using an "application delivery controller" to make the Web Interface accessible from outside the local network.

I have verified that the AD FS Web Application Proxy is correctly setting the X-Forwarded-For HTTP header, and that IIS is able to capture the X-Forwarded-For header with custom logging after referencing this Microsoft Tech Community article.

Is it possible to configure Adaxes to log the external IP address?

by (260 points)

1 Answer

0 votes
by (169k points)

Hello,

Unfortunately, there is no such possibility.

0

Thank you for the quick answer.

Accurate logging is important for security, compliance, and troubleshooting. The Installation Guide is misleading since it states the following as supported:

If you do not want to install a read-only domain controller and Adaxes Web Interface in the DMZ, but still need to make Web Interface accessible from outside, you can use an application delivery controller (e.g. Citrix NetScaler, Nginx, CloudFare, etc.). For example, the controller can be placed in the DMZ to accept requests from outside and pass them to the Adaxes Web Interface installed in your local network.

Could you please:

  1. Consider this question a feature request for accurate logging
  2. Update the Installation Guide with a warning in the above excerpt so that people will be aware of the logging inaccuracy if they choose that deployment topology
0

Hello,

Thank you for the suggestions, we will consider them.
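
Since the question confirms that IIS can record X-Forwarded-For in a custom log field, the original client address can be recovered from the IIS log itself. The following is an added example, not part of the thread and not Adaxes code; the proxy address, the custom field name, the request paths and the sample log lines are all assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the thread): the proxy address and the name of the
# IIS custom log field; set both to match your deployment.
TRUSTED_PROXIES = {"10.0.0.5"}
XFF_FIELD = "X-Forwarded-For"

def client_ip(c_ip, xff):
    """Return the address a request should be attributed to."""
    if c_ip not in TRUSTED_PROXIES or xff in ("", "-"):
        return c_ip  # direct connection, or header absent: ignore XFF
    # The proxy appends the peer it saw, so only the rightmost entry is
    # trustworthy; entries to its left are supplied by the client.
    # IIS writes spaces inside a field as '+', so undo that first.
    last = xff.replace("+", " ").split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(last))
    except ValueError:
        return c_ip  # malformed header: fall back to the socket address

def resolve(lines):
    """Yield (date, time, uri, client address) for each W3C log record."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            yield (rec["date"], rec["time"], rec["cs-uri-stem"],
                   client_ip(rec["c-ip"], rec.get(XFF_FIELD, "-")))

# Constructed sample log, not taken from a real server.
SAMPLE = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status X-Forwarded-For
2024-01-01 10:00:00 POST /Adaxes/SignIn 10.0.0.5 200 203.0.113.7
2024-01-01 10:00:05 POST /Adaxes/SignIn 10.0.0.5 200 192.0.2.1,+198.51.100.9
2024-01-01 10:00:09 POST /Adaxes/SignIn 10.0.0.77 200 192.0.2.50
2024-01-01 10:00:12 GET /Adaxes/ 10.0.0.5 200 not-an-ip
""".splitlines()

if __name__ == "__main__":
    for row in resolve(SAMPLE):
        print(*row)
```

The header is honoured only when the connection came from the listed proxy, so a request that reaches IIS directly cannot set its own logged address.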
