This is easy:
1. Use a SIEM on the NGINX or Apache log files; set your trigger to look for the API token.
2. Parse the log file directly using bash, awk, sed, if/fi/else, then pull the IP address.
3. Create a new table in the Guacamole database, then add a variable to the connection info page; take option 2 and inject the IP into the new table to be displayed.
4. Put a Layer 7 firewall in front of the Guacamole system and capture all data streams to and from it (assuming this is external use).
*Thank You*
Sean Hulbert
*Founder / CEO*
*Security Centric Inc.*
On 4/26/2024 6:10 AM, Nick Couchman wrote:
> On Fri, Apr 26, 2024 at 6:47 AM Molina de la Iglesia, Manuel
> <manuel.molina-de-la-igle...@veolia.com.invalid> wrote:
> > Hello,
> > After following the provided documentation, I cannot find a
> > solution to get the real client IP.
> > I have my application (PHP) on the same Guacamole Server; this
> > application gets the user token:
> > image.png
> > The Tomcat log (after using the following pattern on the server.xml
> > valve) I use: %{x-forwarded-for}i %l %u %t "%r" %s %b
> > The log is OK (displays the user IP)
> > image.png
> This does not look like the Tomcat log, this looks like a log for
> httpd or Nginx, which means *that* is getting your client IP address.
> Do you have your Proxy configured to pass the X-Forwarded-For header
> through to Tomcat?
> -Nick
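
Option 2 from the reply at the top of this thread (parse the access log and pull the IP for a given token), as an added example that is not part of the original messages. It assumes the Tomcat valve pattern quoted above, a `token=` query parameter in the request line, and a single trusted proxy that appends the address it saw to X-Forwarded-For; the function names, tokens and log lines are constructed.

```shell
#!/bin/sh
# Added example. Assumed access-log pattern (quoted in the thread):
#   %{x-forwarded-for}i %l %u %t "%r" %s %b
# Assumptions: the token is a "token=" query parameter, and one trusted proxy
# appends to X-Forwarded-For, so the rightmost entry is the address it saw.

# ips_for_token LOGFILE TOKEN -> distinct client IPs that presented TOKEN
ips_for_token() {
    awk -F'"' -v want="$2" '
    {
        # $2 is the request line; pull out the token query parameter
        if (!match($2, /[?&]token=[^& ]+/)) next
        tok = substr($2, RSTART + 7, RLENGTH - 7)
        if (tok != want) next              # exact string match, not a regex

        # $1 is "XFF %l %u [timestamp] "; cut the timestamp, then split
        pre = substr($1, 1, index($1, " [") - 1)
        n = split(pre, f, " ")
        if (n < 3) next                    # malformed line
        ip = f[n - 2]                      # rightmost X-Forwarded-For entry
        gsub(/,/, "", ip)
        if (ip == "-" || seen[ip]++) next  # header absent, or already printed
        print ip
    }' "$1"
}

# Constructed sample lines (documentation address ranges, made-up tokens).
# Line 2 carries a client-supplied X-Forwarded-For value ahead of the proxy's.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [26/Apr/2024:06:10:01 +0000] "GET /guacamole/websocket-tunnel?token=AAAA1111&GUAC_DATA_SOURCE=mysql HTTP/1.1" 101 -
198.51.100.23, 203.0.113.9 - - [26/Apr/2024:06:11:40 +0000] "GET /guacamole/websocket-tunnel?token=BBBB2222&GUAC_DATA_SOURCE=mysql HTTP/1.1" 101 -
203.0.113.7 - - [26/Apr/2024:06:12:05 +0000] "GET /guacamole/websocket-tunnel?token=AAAA1111&GUAC_DATA_SOURCE=mysql HTTP/1.1" 101 -
192.0.2.50 - - [26/Apr/2024:06:15:30 +0000] "GET /guacamole/websocket-tunnel?token=AAAA1111&GUAC_DATA_SOURCE=mysql HTTP/1.1" 101 -
- - - [26/Apr/2024:06:16:00 +0000] "GET /guacamole/ HTTP/1.1" 200 1024
EOF
}

# Demo: list every address that used token AAAA1111.
log=$(mktemp)
sample_log > "$log"
ips_for_token "$log" AAAA1111
rm -f "$log"
```

A token that shows up from more than one address, as AAAA1111 does here, is the case worth alerting on when this feeds option 1 or option 3.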