[SOLVED] zimbraHttpThrottleSafeIPs and proxy

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
axslingr
Posts: 30
Joined: Sat Sep 13, 2014 2:20 am

[SOLVED] zimbraHttpThrottleSafeIPs and proxy

Postby axslingr » Wed Jan 03, 2018 11:08 pm

Hey guys, I'm having an issue where my users are getting the 'network service error' periodically due to authentication failures against the web client. The problem is that the ip address of the proxy server in front of the mailbox server is the ip that's getting suspended:

Code: Select all

2018-01-03 16:26:23,835 INFO  [qtp1595953398-1805:http://localhost:8080/service/soap/AuthRequest] [] misc - Access from IP 192.168.100.11 suspended, for repeated failed login.


192.168.100.11 is the proxy ip. Should I add this ip to the safe list or no? If no, what is the best way to get around this? I keep having to restart the mailbox service as a workaround.

Thanks!
Lance

Release 8.8.5.GA.1894.UBUNTU14.64 UBUNTU14_64 FOSS edition.


axslingr
Posts: 30
Joined: Sat Sep 13, 2014 2:20 am

Re: zimbraHttpThrottleSafeIPs and proxy

Postby axslingr » Thu Jan 04, 2018 12:49 am

I think I may have stumbled onto the answer:

https://wiki.zimbra.com/wiki/Log_Files# ... inating_IP

i've added my proxy ip to zimbraMailTrustedIP and restarted mailbox service. zimbra_http_originating_ip_header = X-Forwarded-For was already set.

Will post back results.

Lance
axslingr
Posts: 30
Joined: Sat Sep 13, 2014 2:20 am

Re: zimbraHttpThrottleSafeIPs and proxy

Postby axslingr » Fri Jan 05, 2018 12:21 pm

Well, as luck would have it, I haven't had any other break-in attempts yet. Still waiting...

Lance
axslingr
Posts: 30
Joined: Sat Sep 13, 2014 2:20 am

Re: zimbraHttpThrottleSafeIPs and proxy

Postby axslingr » Tue Jan 09, 2018 12:05 pm

Finally got some break-in attempts and following the wiki link above worked.

Lance
User avatar
L. Mark Stone
Elite member
Elite member
Posts: 1590
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.6.0 Patch 8
Contact:

Re: zimbraHttpThrottleSafeIPs and proxy

Postby L. Mark Stone » Tue Jan 09, 2018 1:56 pm

axslingr wrote:Finally got some break-in attempts and following the wiki link above worked.

Lance


Good to hear! For others who may come across this thread, 8.7 and above allows CIDR addressing for safe IP addresses, as documented here:
https://wiki.zimbra.com/wiki/DoSFilter

All the best,
Mark
________________________________________________
L. Mark Stone, General Manager
reliable networks, a Division of OTT Communications
HIPAA-Compliant Zimbra Hosting Provider since 2006 http://www.reliablenetworks.com
Zeta Alliancehttp://www.zetalliance.org/

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 9 guests