Hi Pradeep and Aman ! I hope you are good.
Great ! Thanks for clarify the question :)
I think you should use the LB that fits with your needs, Nginx or HAProxy, etc is a good choice.
This issue is more related with a Nginx configuration rather than Wazuh configuration.
To fix it, you need to install
http_realip_module, --with-http_realip_module. Then we need to tell the reverse proxy to pass information to the backend nginx server.
- We can add thoses lines as a global configuration or per location:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;And use a log format like
log_format specialLog '$remote_addr forwarded for $http_x_real_ip - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
In some cases you will need to add this configuration :
set_real_ip_from x.x.x.x/x; # Ip/network of the reverse proxy (or ip received into REMOTE_ADDR)
real_ip_header X-Forwarded-For;
You can find more information about
here,
here and
here.
If you need anything more, please let us know :)