sftpgo icon indicating copy to clipboard operation
sftpgo copied to clipboard

Published 20 hours ago verified publisher icon drakkan

[Bug]: proxy_allowed not working in latest image

Open ziporah opened this issue 7 months ago • 0 comments

⚠️ This issue respects the following points: ⚠️

  • [X] This is a bug, not a question or a configuration issue.
  • [X] This issue is not already reported on Github (I've searched it).

Bug description

The proxy_protocol allowed isn't working in the latest version.

Steps to reproduce

  1. configure sftp with proxy allowed
    Environment:
      SFTPGO_COMMON__PROXY_ALLOWED__0:             193.58.149.121
      SFTPGO_COMMON__PROXY_ALLOWED__1:             193.58.149.122
      SFTPGO_COMMON__PROXY_PROTOCOL:               2
      SFTPGO_COMMON__PROXY_SKIPPED__0:             10.241.253.0/24
  1. Run sftp command trough proxy with proxy protocol configured
  2. Log shows error
{"level":"debug","time":"2024-06-26T08:12:46.238","sender":"sftpd","message":"failed to accept an incoming connection from ip \"193.58.149.121\": proxyproto: upstream connection sent PROXY header but isn't allowed to send one"}
{"level":"debug","time":"2024-06-26T08:12:46.238","sender":"connection_failed","client_ip":"193.58.149.121","username":"","login_type":"no_auth_tried","protocol":"SSH","error":"proxyproto: upstream connection sent PROXY header but isn't allowed to send one"}

Expected behavior

the pod should accept the connection

SFTPGo version

2.6.x image

Data provider

sqlite

Installation method

Community Docker image

Configuration

Environment:
  SFTPGO_COMMON__PROXY_ALLOWED__0:             193.58.149.121
  SFTPGO_COMMON__PROXY_ALLOWED__1:             193.58.149.122
  SFTPGO_COMMON__PROXY_PROTOCOL:               2
  SFTPGO_COMMON__PROXY_SKIPPED__0:             10.241.253.0/24
  SFTPGO_DEFAULT_ADMIN_USERNAM:  username
  SFTPGO_DEFAULT_ADMIN_PASSWORD: password

Relevant log output

{"level":"debug","time":"2024-06-26T08:12:46.238","sender":"sftpd","message":"failed to accept an incoming connection from ip \"193.58.149.121\": proxyproto: upstream connection sent PROXY header but isn't allowed to send one"}
{"level":"debug","time":"2024-06-26T08:12:46.238","sender":"connection_failed","client_ip":"193.58.149.121","username":"","login_type":"no_auth_tried","protocol":"SSH","error":"proxyproto: upstream connection sent PROXY header but isn't allowed to send one"}

What are you using SFTPGo for?

Enterprise

Additional info

It works fine with the 2.5.x image

ziporah avatar Jun 26 '24 08:06 ziporah