Reverse proxy Invalid source IP address format

[Graham Barnett]

I hope this helps others to get to the bottom of reverse proxy config issues.

If you get stuck with:
[OpenOTP] Invalid source IP address format

[OpenOTP] Public application endpoint denied by proxy configuration

and you are using IIS as a reverse proxy and you believe you have set up the HTTP_X_FORWARDED_FOR and HTTP_X_FORWARDED_HOST correctly try the following steps:

1. in your IIS proxy service Logging add custom field HTTP_X_FORWARDED_FOR (server variable) https://support.kemptechnologies.com/hc/en-us/articles/360002861712-How-to-Add-an-X-Forwarded-For-Header-and-Configure-IIS-Logging Restart the IIS service.
2. Try doing a test OTP login.
3. Check your IIS logs (you may have to wait 30 seconds or so as they lazy write) 
4. If you see something like this: 192.168.244.1,+192.168.244.1:38030 in the HTTP_X_FORWARDED_FOR column (and you were expecting a simple ipv4 address) it means you have proxy chaining going on, and you should have your reverse_proxies configured for proxy chaining like:

reverse_proxies "192.168.244.12 2", "192.168.244.1 1"

[rcdevs please can you update your docs e.g. section 12 of https://www.rcdevs.com/docs/howtos/openotp_push/push_login_openotp/ !]

Enjoy !