Page 1 of 2
[SOLVED] zimbraHttpThrottleSafeIPs and proxy
Posted: Wed Jan 03, 2018 11:08 pm
by axslingr
Hey guys, I'm having an issue where my users are getting the 'network service error' periodically due to authentication failures against the web client. The problem is that the ip address of the proxy server in front of the mailbox server is the ip that's getting suspended:
Code: Select all
2018-01-03 16:26:23,835 INFO [qtp1595953398-1805:http://localhost:8080/service/soap/AuthRequest] [] misc - Access from IP 192.168.100.11 suspended, for repeated failed login.
192.168.100.11 is the proxy ip. Should I add this ip to the safe list or no? If no, what is the best way to get around this? I keep having to restart the mailbox service as a workaround.
Thanks!
Lance
Release 8.8.5.GA.1894.UBUNTU14.64 UBUNTU14_64 FOSS edition.
Re: zimbraHttpThrottleSafeIPs and proxy
Posted: Thu Jan 04, 2018 12:49 am
by axslingr
I think I may have stumbled onto the answer:
https://wiki.zimbra.com/wiki/Log_Files# ... inating_IP
i've added my proxy ip to zimbraMailTrustedIP and restarted mailbox service. zimbra_http_originating_ip_header = X-Forwarded-For was already set.
Will post back results.
Lance
Re: zimbraHttpThrottleSafeIPs and proxy
Posted: Fri Jan 05, 2018 12:21 pm
by axslingr
Well, as luck would have it, I haven't had any other break-in attempts yet. Still waiting...
Lance
Re: zimbraHttpThrottleSafeIPs and proxy
Posted: Tue Jan 09, 2018 12:05 pm
by axslingr
Finally got some break-in attempts and following the wiki link above worked.
Lance
Re: zimbraHttpThrottleSafeIPs and proxy
Posted: Tue Jan 09, 2018 1:56 pm
by L. Mark Stone
axslingr wrote:Finally got some break-in attempts and following the wiki link above worked.
Lance
Good to hear! For others who may come across this thread, 8.7 and above allows CIDR addressing for safe IP addresses, as documented here:
https://wiki.zimbra.com/wiki/DoSFilter
All the best,
Mark
Re: [SOLVED] zimbraHttpThrottleSafeIPs and proxy
Posted: Tue Nov 12, 2019 6:53 am
by weblike
I have added to SafeIPS our internal subnet, 10.7.1.0/24, but this morning I saw in the log that one of internal IP's was blocked:
[qtp1231156911-17143://localhost:8080/service/soap/AuthRequest] [] misc - Access from IP 10.7.1.162 suspended, for repeated failed login.
Does this feature supports subnets?
Thank you
Re: [SOLVED] zimbraHttpThrottleSafeIPs and proxy
Posted: Wed Nov 13, 2019 12:25 pm
by weblike
Hello,
It's very strange because when I search the /opt/zimbra/log/mailbox.log with " cat mailbox.log | grep -i "DoSFilter: Configured whitelist IPs" "
I get different IP's than I run this command: zmprov gcf zimbraHttpThrottleSafeIPs
could anyone help on this please?
Re: [SOLVED] zimbraHttpThrottleSafeIPs and proxy
Posted: Wed Nov 13, 2019 1:30 pm
by phoenix
Why don't you post the zmprov output for all the attributes mentioned in the wiki article and some of the log file entries that show an 'incorrect ip' that you've mentioned in your post.
Re: [SOLVED] zimbraHttpThrottleSafeIPs and proxy
Posted: Wed Nov 13, 2019 5:18 pm
by weblike
This is the output:
Code: Select all
[root@mail log]# cat mailbox.log | grep -i "DoSFilter: Configured whitelist IPs"
2019-11-13 12:46:50,257 INFO [main] [] misc - DoSFilter: Configured whitelist IPs = 244.222.5.15,192.168.2.1,10.4.1.150,127.0.0.1,::1,0:0:0:0:0:0:0:1
2019-11-13 12:46:50,291 INFO [main] [] misc - DoSFilter: Configured whitelist IPs = 244.222.5.15,192.168.2.1,10.4.1.150,127.0.0.1,::1,0:0:0:0:0:0:0:1
2019-11-13 12:47:05,625 INFO [main] [] misc - DoSFilter: Configured whitelist IPs = 244.222.5.15,192.168.2.1,10.4.1.150,127.0.0.1,::1,0:0:0:0:0:0:0:1
2019-11-13 12:47:09,358 INFO [main] [] misc - DoSFilter: Configured whitelist IPs = 244.222.5.15,192.168.2.1,10.4.1.150,127.0.0.1,::1,0:0:0:0:0:0:0:1
[root@mail log]# su zimbra
[zimbra@mail log]$ zmprov gcf zimbraHttpThrottleSafeIPs
zimbraHttpThrottleSafeIPs: 10.4.1.0/24
zimbraHttpThrottleSafeIPs: 244.222.5.5
zimbraHttpThrottleSafeIPs: 244.222.5.6
zimbraHttpThrottleSafeIPs: 192.168.2.1
zimbraHttpThrottleSafeIPs: 244.222.31.94
zimbraHttpThrottleSafeIPs: 10.5.1.0/24
[zimbra@mail log]$
I have declared the IP's from zmprov command, but cannot recognize those from output of "cat mailbox.log | grep -i "DoSFilter: Configured whitelist IPs""
Where is the error?In my brain?
Re: [SOLVED] zimbraHttpThrottleSafeIPs and proxy
Posted: Wed Nov 13, 2019 8:37 pm
by L. Mark Stone
Please post the output from the following command:
Code: Select all
zmprov gs `zmhostname` zimbraHttpThrottleSafeIPs
It's possible zimbraHttpThrottleSafeIPs has been set explicitly at the server level; doing so overrides what is set at the global level (breaking inheritance).
Mark