waproxy admin portal

sarge

Jun 17, 2024, 7:50:09 AM
to RCDevs Security
Hello, I set up waproxy with webadm and they work together as they should, but I cannot hide the admin portal from waproxy. It is not reacting to changing "publish to waproxy": setting it on or off does nothing, and setting webservices to No in waproxy.conf didn't help either. I also cannot stop other webservices from being published to waproxy. The only thing that works is hiding the webapp, but that hides it from both waproxy and webadm.
waproxy and webadm run as docker.
Can you help me hide the admin portal from waproxy, please? I searched the manual but didn't find how to do that.

Yoann Traut (RCDevs)

Jun 17, 2024, 7:55:46 AM
to RCDevs Security
Hello, 

Which version of WebADM and WAProxy are you talking about? 
By default, WAProxy does not publish the WebADM admin portal.

Regards

sarge

Jun 18, 2024, 3:15:39 AM
to RCDevs Security
Hello, waproxy is a fresh version, taken from here: https://hub.docker.com/r/rcdevs/waproxy/tags
The same goes for webadm.

Yoann Traut (RCDevs)

Jun 18, 2024, 6:58:28 AM
to RCDevs Security
Hello, 

I gave it a try with the latest version of WAProxy, and the WebADM admin portal is not published through WAProxy, which is the expected behavior.

Have you modified the /opt/waproxy/lib/httpd.ini file? 
Can you provide that file please?

Regards

sarge

Jun 18, 2024, 8:22:28 AM
to RCDevs Security
Hello, thank you for the help. The mentioned file was edited by the hosting admins (they maintain the server). I asked them to restore the original file and everything seems good; only when trying to access .../selfdesk/ I'm getting the error: Could not get source IP address
But, if I'm not mistaken, it's something to do with the webadm.conf file.

Spyridon Gouliarmis (RCDevs)

Jun 18, 2024, 8:27:35 AM
to RCDevs Security
Against this sort of issue there's etckeeper, or simply configuration management tools like Ansible.

It's either webadm.conf, or the proxy does not send the right headers back to OpenOTP (which is specified in httpd.ini).

sarge

Jun 18, 2024, 8:38:52 AM
to RCDevs Security
Will look at both files, thank you very much!

sarge

Jun 18, 2024, 9:24:08 AM
to RCDevs Security
One more question, I don't know if it is related, but now I cannot register a token with the OpenOTP app on Android, even from the webadm application site; I'm getting the error: Invalid pin please retry (can it be because waproxy is configured?). I tried to reinstall and to remove cache and data, without any luck.
I see in webadm.log: Unexpected X-Forwarded-For HTTP header. Is it because of this?

Spyridon Gouliarmis (RCDevs)

Jun 18, 2024, 9:31:13 AM
to RCDevs Security
You cannot trust "wrong {PIN|password}" displayed in user interfaces. Differences in displayed messages could allow an attacker to guess internal information with a little brute forcing, so it's always the same message. Only the logs matter.

Re: Unexpected X-Forwarded-For HTTP header, does your waproxy_proxies contain the right IP? Is reverse_proxies commented out?
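
The general trusted-proxy rule behind the X-Forwarded-For question above, as an added example that is not part of the thread and not RCDevs code: a forwarded client address is honoured only when the TCP peer is on an allow-list of proxies. The function name, the exception and the sample addresses are assumptions; how WebADM itself evaluates `waproxy_proxies` is not shown on this page.

```python
import ipaddress

class UntrustedForwardedHeader(Exception):
    """X-Forwarded-For arrived from a peer that is not an allow-listed proxy."""

def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Return the client address to log and to base access decisions on.

    peer_ip         -- address of the TCP peer, the only value a client cannot forge
    xff_header      -- raw X-Forwarded-For value, or None when the header is absent
    trusted_proxies -- proxy IPs or CIDRs (hypothetical allow-list for this example)
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(ip):
        return any(ip in net for net in nets)

    peer = ipaddress.ip_address(peer_ip)
    if not xff_header:
        # Direct connection, or a proxy that forwarded no header at all.
        return str(peer)
    if not is_trusted(peer):
        # Anyone can type this header; refuse it instead of believing it.
        raise UntrustedForwardedHeader(f"X-Forwarded-For from untrusted peer {peer}")
    # Each proxy appends the address it saw, so walk right to left and stop at
    # the first hop that is not one of our proxies. Entries further left are
    # client-supplied and must not be used.
    for hop in reversed([h.strip() for h in xff_header.split(",") if h.strip()]):
        ip = ipaddress.ip_address(hop)  # raises ValueError on a malformed entry
        if not is_trusted(ip):
            return str(ip)
    return str(peer)  # every listed hop was one of our own proxies

if __name__ == "__main__":
    # Constructed sample: proxy 10.0.0.5 relays a request whose first entry is forged.
    proxies = ["10.0.0.5"]
    print(resolve_client_ip("10.0.0.5", "198.51.100.9, 203.0.113.7", proxies))
```

If the proxy's address is missing from the allow-list, every proxied request takes the rejection branch, which is why the allow-list is the first thing to check when such a header is reported as unexpected.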

sarge

Jun 18, 2024, 9:55:49 AM
to RCDevs Security
It seems something is wrong with my phone; I run Android 15 beta, and I can register a token with Google Authenticator. I will try to use the app with another phone.

Unexpected X-Forwarded-For HTTP header - sorry, my bad, it was an old error message from the log, from when I removed the proxy IP; now it's gone.

Thank you for the help.