Matomo behind Web Appl Firewall changes client IP

Question

I try to setup Matomo for tracking the visitors to my web sies. 
 I figured out, that Matomo doesn't receive the client IP addres. The debug information shows allways the internal IP address of the sophos interface. 
 I have also running IceCast behind sophos UTM and Icecast always shows the right IP. 
 
 Has somebody running Matomo behind Sophos UTM 9 und could soport me? 
 
 Thanks in advanced, Hans-Georg.

Vishal_R · Accepted Answer

Hi HGA : Do you mean your website hosted over WAF on XG? If Yes, then in that case WAF is reverse proxy in a nature which means from external world traffic will come to XG and XG-WAF will initiate a session to LAN or DMZ server. Due to this XG WAF is changing the source IP when traffic is forwarded to the protected web server, rather than showing the original client IP. This is by design and how WAF works. Please refer below help guide for reference: http://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/tasks/WebServerProtectionRule.html 
 
 Under &ldquo;Description&rdquo; of &ldquo;Hosted address&rdquo; below information has been documented: 
 When a client establishes a connection and accesses the web server, the web server does not obtain the client&rsquo;s real IP address. The server obtains the address of the interface used by the web application firewall (WAF) because the connection is made through the WAF. The client&rsquo;s real IP address is available in the HTTP header. 
 On the end server you can see the IP for "X-Forwarded-For" header and you will get the actual source IP details via this header field.

Matomo behind Web Appl Firewall changes client IP

Top Replies