I've searched this forum but can't seem to find a solution.
I have a NextCloud instance running on Ubuntu 16.04 (xenial) sitting behind Sophos. I've setup Webserver Protection and can access the server properly. All of this is working perfectly. However, I wanted to be able to use fail2ban to block IPs with excessive incorrect logins. The problem is that fail2ban is only recording the UTM IP address in its logs. I've seen posts about a solution when using IIS but I'm not using MS IIS. The NextCloud server is Apache on Ubuntu 16.04. I also recognize that I could use DNAT instead of Webserver Protection however, I have more than 1 webserver using port 443 and I need Webserver Protection to be able to route properly otherwise I can only use a single server on that port.
Any thoughts on how this can be resolved? I'd like for the users' IP addresses to be recorded rather than the UTM IP address.
This thread was automatically locked due to age.
