Reverse proxy and Cerberus IP Manager

General help on how to use Cerberus. Questions on how a particular feature works, how to use feature x with feature y... Please read the "How to use this forum" article before posting.
Post Reply
Selcouth
Posts: 1
Joined: Thu May 11, 2017 12:10 pm

Reverse proxy and Cerberus IP Manager

Post by Selcouth » Thu Jun 21, 2018 2:53 pm

Similar to this thread, I wish to use Cerberus for FTP/SFTP connections behind a reverse proxy but still utilize the wonderful built in IP manager and brute force rules. At the moment I'm thinking I need to use some sort of inspection in front of Cerberus and in place of the IP manager. Does anyone have any outside of the box ideas that might lead to a solution?

jordanautomations
New User
Posts: 3
Joined: Fri Aug 29, 2014 11:50 am

Re: Reverse proxy and Cerberus IP Manager

Post by jordanautomations » Wed Dec 19, 2018 10:26 am

what vendor are you using for a reverse proxy?

kaluaabyss
New User
Posts: 7
Joined: Mon Oct 23, 2017 12:59 pm

Re: Reverse proxy and Cerberus IP Manager

Post by kaluaabyss » Fri Mar 01, 2019 5:52 pm

I recently tried to get this working (for SFTP) as well and believe it may be a feature request at this point.

We use Citrix ADCs for reverse proxy and after following their documentation for TCP/IP header insertion in TCP payload, I found that Cerberus denies connections made with this feature enabled and generates the error "Connection is not an SSH 2.0 connection". Remove the header insertion and connections come through just fine, except that the true client IP is not known by Cerberus and the IP manager will block the reverse proxy IP instead.

https://support.citrix.com/article/CTX205670

If this is on the development team's radar or if someone is accomplishing this with Citrix ADCs or other reverse proxies I'd love to hear more.

Post Reply