Wrong IP logged and blocked #101

Open
novastream opened this issue Feb 13, 2024 · 11 comments

Comments

@novastream

Hi,

So I've multiple assets, one called WinterCMS and one called Wordpress. Both assets have the same GEO blocking (about 20 countries).

My friend called and said he couldn't access a site within the Wordpress asset but he could access another site in the WinterCMS asset. He gave me his public IP from whatsmyipaddress.com and I looked in the log but couldn't find his IP.

We talked on the phone and every refresh he did was logged as an Asian country's IP and was prevented due to the geo blocking rules. We removed said country from the GEO Blocking rules and he could access the site without any problem.

He does not use any VPN services and clearly whatsmyipaddress.com got the correct public IP.

What could be wrong?

@orianelou
Collaborator

Hi @novastream,

We have a limitation for Country-based Exception rules: When configuring exceptions in Asset edit->Exceptions Tab, an exception rule using the keys Country Name or Country Code cannot be defined with additional conditions based on other keys in the same exception. There’s an implicit OR logic between different exception rules, so it is possible to define different exception rules, some using country code/name, and others using other keys.

This could cause the issue, so I recommend dividing it into a few exceptions. If this doesn't solve the issue, could you please send an example of the logs and IP to info@openappsec.io? We'll look into this.

Best,
open-appsec team

@novastream
Author

So I have other skip rules defined with AND logic and one geo rule using country codes with OR logic. Is this OK, or is it possible to define this geo exception on a global level so it's used in all assets?

@topt

topt commented Feb 14, 2024

I see a similar issue about a wrongly logged IP address like novastream. I do not use Geoblocking, but realized I also get a wrong, Asian source IP (42.2.1.x) logged in the openappsec monitoring. But when I compare to the nginx access log, I see the correct IPv6 source addresses from my country (EU). Maybe the problem lies in IPv6? I don't see any single IPv6 source in the openappsec log (on the my.openappsec.io platform).

@orianelou
Collaborator

Hi @topt,

Could you please send both IPs (the correct one and the one logged in the open-appsec logs) to info@openappsec.io?

Thank you!

open-appsec team

@novastream
Author

@topt seems we have a similar issue. The IP reported on my side is also 42.2.1.x and my servers also reside in the EU.

@DekFTW

DekFTW commented Apr 2, 2024

I'm having the same issues. IPv6 addresses are logged as 42.x.x.x. I cannot use openappsec effectively like that.

@topt

topt commented Apr 3, 2024

I also still see 42.x.x.x IPs logged when accessing using IPv6. Any updates to this? Using Agent Version 1.1.7 now.

@ricopt5

ricopt5 commented Apr 12, 2024

Same issue here with IPv6

For example, 195b:e718:f78c:e8b6:329e:13fc:1d1f:ac65 (generated randomly) turns into 25.91.231.24
It takes the first 4 bytes of the IPv6, 0x19, 0x5b, 0xe7 and 0x18 and turns them into an IPv4
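
The truncation reported in the comment above can be checked against your own logs. This is an added example, not part of the thread and not open-appsec code: it assumes an nginx access log whose first field is `$remote_addr`, the function names are hypothetical, and all sample lines are constructed (only the 195b:… address comes from the comment).

```python
import ipaddress


def truncated_ipv4(addr):
    """IPv4 built from the first 4 bytes of an IPv6 address (None if not IPv6)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    if ip.version != 6:
        return None
    return str(ipaddress.IPv4Address(ip.packed[:4]))


def explain_waf_ips(access_log_lines, waf_ips):
    """For each IPv4 seen in the WAF log, list the IPv6 clients from the
    access log whose leading 4 bytes produce exactly that IPv4."""
    candidates = {}
    for line in access_log_lines:
        fields = line.split()
        if not fields:
            continue
        v4 = truncated_ipv4(fields[0])  # assumption: $remote_addr is field 1
        if v4:
            candidates.setdefault(v4, set()).add(fields[0])
    return {ip: sorted(candidates.get(ip, ())) for ip in waf_ips}


# Constructed access-log lines (nginx "combined"-style, shortened).
ACCESS_LOG = [
    '195b:e718:f78c:e8b6:329e:13fc:1d1f:ac65 - - [12/Apr/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    # Constructed address: a 2a02:01xx: prefix maps into 42.2.1.x
    '2a02:100::1 - - [12/Apr/2024:10:00:05 +0000] "GET /login HTTP/1.1" 403 0',
    '203.0.113.7 - - [12/Apr/2024:10:00:09 +0000] "GET / HTTP/1.1" 200 512',
]
# Constructed list of source IPs as they might appear in the WAF log.
WAF_IPS = ["25.91.231.24", "42.2.1.0", "198.51.100.9"]

if __name__ == "__main__":
    for waf_ip, clients in explain_waf_ips(ACCESS_LOG, WAF_IPS).items():
        verdict = "truncated IPv6: " + ", ".join(clients) if clients else "no IPv6 match"
        print(f"{waf_ip:15} {verdict}")
```

A WAF-logged IPv4 that matches here points at a mislogged IPv6 client, so any geo block decision made on it was evaluated against the wrong address.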

@topt

topt commented Apr 20, 2024

Is this maybe fixed now? For the first time I see IPv6 addresses logged on the my.openappsec.io dashboard, using Agent V 1.1.9.

@DekFTW

DekFTW commented Apr 20, 2024

Also on 1.1.9, still IPv4 only for me, even after restarting the cp-nano-agent. Maybe you did something to make IPv6 show up?

@orianelou
Collaborator

Hi all,

We've made some progress in solving the issue, and we hope to have a complete solution in our next version. Thank you for your patience!

Best,

open-appsec team

5 participants