Search found 7 matches

by kaluaabyss
Fri Mar 01, 2019 5:58 pm
Forum: Suggestions
Topic: Gateway/Proxy for a DMZ/production architecture?
Replies: 10
Views: 11519

Re: Gateway/Proxy for a DMZ/production architecture?

I know this is an old thread, but has anyone had any success with a proxy in front of cerberus? I've been tasked with implementing this type architecture and hoping to be able to find a solution that doesn't involve replacing cerberus. I've configured a Citrix ADC as a reverse proxy for HTTPS and S...
by kaluaabyss
Fri Mar 01, 2019 5:52 pm
Forum: General Help
Topic: Reverse proxy and Cerberus IP Manager
Replies: 2
Views: 2206

Re: Reverse proxy and Cerberus IP Manager

I recently tried to get this working (for SFTP) as well and believe it may be a feature request at this point. We use Citrix ADCs for reverse proxy and after following their documentation for TCP/IP header insertion in TCP payload, I found that Cerberus denies connections made with this feature enab...
by kaluaabyss
Thu Oct 26, 2017 3:01 pm
Forum: Suggestions
Topic: Append Log Entry for Connections with X-Forwarded-For IP
Replies: 1
Views: 1754

Append Log Entry for Connections with X-Forwarded-For IP

Currently (9.0.0.6), when a proxied connection is received the log shows something similar to: Incoming connection request on HTTPS interface x at <local IP> accepted from <proxy IP> Cerberus is aware of the X-Forwarded-For header which contains the real client IP, but does not indicate it in this l...
by kaluaabyss
Thu Oct 26, 2017 2:19 pm
Forum: General Help
Topic: Request Header inspection for client ip
Replies: 5
Views: 3254

Re: Request Header inspection for client ip

Thanks pacman. My Cerberus version is 9.0.0.6 which appears to be the latest. The actual packet received by the Cerberus server has X-Forwarded-For in it, but the Cerberus Log is not referencing it. Not sure what I could tell the reverse proxy vendor given the fact that the header is being appended ...
by kaluaabyss
Wed Oct 25, 2017 4:13 pm
Forum: General Help
Topic: Request Header inspection for client ip
Replies: 5
Views: 3254

Re: Request Header inspection for client ip

I added a HTTP version of my configuration so I could inspect the packets easily and verified X-Forwarded-For is in the received packets. Unfortunately, the Cerberus Log is still showing the Netscaler's SNIP instead of the X-Forwarded-For IP.

Any ideas?

Thank you.
by kaluaabyss
Wed Oct 25, 2017 12:29 pm
Forum: General Help
Topic: Request Header inspection for client ip
Replies: 5
Views: 3254

Re: Request Header inspection for client ip

Thanks for your reply. Good to know it should be working for HTTPS - now to figure out why it isn't.
by kaluaabyss
Mon Oct 23, 2017 2:26 pm
Forum: General Help
Topic: Request Header inspection for client ip
Replies: 5
Views: 3254

Request Header inspection for client ip

Does Cerberus inspect the header for fields like 'X-forwarded-for' in order to capture the real client IP? In our environment, a Netscaler is acting as a reverse proxy in our DMZ. Cerberus only captures the Netscaler's SNIP instead of the real client IP. I've tried sending 'X-forwarded-for' but I do...