+1 vote

I have deployed Adaxes on an internal network and use a Microsoft AD FS Web Application Proxy to publish the web interface to external networks. After reviewing the Logging in the Adaxes Administration Console, I noticed that the IP address of the Web Application Proxy is captured instead of the real client IP address.

As a result, log entries always take the following form:

Sign in to Web Interface Common Sign In from <IP address of AD FS WAP>

The Installation Guide documents using an "application delivery controller" to make the Web Interface accessible from outside the local network.

I have verified that the AD FS Web Application Proxy is correctly setting the X-Forwarded-For HTTP header, and that IIS is able to capture the X-Forwarded-For header with custom logging after referenceing this Microsoft Tech Community article.

Is it possible to configure Adaxes to log the external IP address?

by (260 points)

1 Answer

0 votes
by (182k points)

Hello,

Unfortunately, there is no such possibility.

0

Thank you for the quick answer.

Accurate logging is important for security, compliance, and troubleshooting. The Installation Guide is misleading since it states the following as supported:

If you do not want to install a read-only domain controller and Adaxes Web Interface in the DMZ, but still need to make Web Interface accessible from outside, you can use an application delivery controller (e.g. Citrix NetScaler, Nginx, CloudFare, etc.). For example, the controller can be placed in the DMZ to accept requests from outside and pass them to the Adaxes Web Interface installed in your local network.

Could you please:

  1. Consider this question a feature request for accurate logging
  2. Update the Installation Guide with a warning in the above excerpt so that people will be aware of the logging inaccuracy if they choose that deployment topology
0

Hello,

Thank you for the suggestions, we will consider them.

Related questions

0 votes
1 answer

I would like to be able to build a workflow whereby, after creating a user, a business rule will check certain user attributes/group memberships etc and then, if required, ... ways that this could be achieved to make a 'joined up' process? Thanks, Bernie

asked Aug 24, 2019 by Bernie (1.8k points)
0 votes
1 answer

Hello, Is it possible to capture properties of a user before and after it is changed and put both entries in an email? For example: Joe User has his title ... that user with the previous title (Accounting Clerk) and the new title (Accounting Supervisor)?

asked Mar 9 by sgordon213 (460 points)
0 votes
1 answer

Adaxes support, Is there a way to disable the red x icon in the search results window on a user account. This icon appears by defualt when we disable an account but ... allows is to enable the users picture. Can this be accomplished in the xml config files?

asked Aug 22, 2013 by rjthompson (850 points)
0 votes
1 answer

We have the 2017 version of ADAXES, and recently decided to deploy the Self-Servece but even the agent is installed on computers and we did all configuration (gpo, and ... denied" on lock scree process but the users can perform their change password from IE!

asked Mar 12 by Gabriel Abarca (250 points)
0 votes
1 answer

Hello, I need to modify e-mails for all users in an OU. Does anyone know how to do it quickly? Thanks

asked Jun 4, 2018 by miesam (280 points)
2,251 questions
2,011 answers
5,504 comments
24,681 users