
Matomo behind Web Application Firewall changes client IP

I am trying to set up Matomo for tracking the visitors to my web sites.

I figured out that Matomo doesn't receive the client IP address. The debug information always shows the internal IP address of the Sophos interface.

I also have IceCast running behind Sophos UTM, and IceCast always shows the right IP.

Is somebody running Matomo behind Sophos UTM 9 and could support me?

Thanks in advance, Hans-Georg.



This thread was automatically locked due to age.
  • I forgot to mention that IceCast is behind a NAT. For the web sites I use WAF, because I have different URLs and sub-URLs which are located on different servers.

  • Hi: Do you mean your website is hosted over WAF on XG?

    If yes, then in that case WAF is a reverse proxy in nature, which means traffic from the external world will come to XG and XG-WAF will initiate a session to the LAN or DMZ server. Due to this, XG WAF changes the source IP when traffic is forwarded to the protected web server, rather than showing the original client IP. This is by design and how WAF works.

    Please refer to the help guide below for reference:

    http://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/tasks/WebServerProtectionRule.html

    Under “Description” of “Hosted address” the information below has been documented:

    When a client establishes a connection and accesses the web server, the web server does not obtain the client’s real IP address. The server obtains the address of the interface used by the web application firewall (WAF) because the connection is made through the WAF. The client’s real IP address is available in the HTTP header.

    On the end server you can see the IP in the "X-Forwarded-For" header, and you will get the actual source IP details via this header field.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

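The reply above points to the "X-Forwarded-For" header as the source of the real client IP. The following is an added example, not part of the original thread and not Matomo or Sophos code, showing how a backend can read that header only when the connection really comes from the WAF. The address `192.0.2.10` for the WAF interface, the function names, and the assumption that the WAF appends the address it saw to any existing header value are all illustrative.

```python
import ipaddress

# Assumption: 192.0.2.10 stands in for the WAF's internal interface address,
# i.e. the address the backend currently sees for every visitor.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _is_trusted(ip):
    """True if ip belongs to one of our own reverse proxies."""
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, xff_header):
    """Return the address to record for one request.

    remote_addr: peer address of the TCP connection.
    xff_header:  raw X-Forwarded-For value, or None if absent.
    """
    peer = ipaddress.ip_address(remote_addr)

    # A request that did not arrive through the WAF carries a header
    # written entirely by the client, so it is ignored.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)

    # Each proxy appends the address it saw, so the rightmost entries are
    # the ones our own infrastructure wrote. Walk right to left and stop
    # at the first hop that is not one of our proxies.
    for hop in reversed(xff_header.split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            # Malformed entry: fall back to the connection peer rather
            # than trusting anything further left.
            return str(peer)
        if not _is_trusted(ip):
            return str(ip)

    # Only our own proxies were listed.
    return str(peer)
```

A value the visitor placed in the header before the request reached the WAF ends up to the left of the entry the WAF wrote, which is why the leftmost entry is never used here.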
