feat(authentication): enhance logging and integrate Fail2Ban configuration (#187) #188
This PR includes several improvements to the authentication system's logging, along with a guide to integrating Fail2Ban to enhance the overall security of the WebDAV server.
Key Changes:
Improve IP Logging for Real Client IP Address:
feat(authentication): improve IP logging by extracting real client IP from X-Forwarded-For header
getRealRemoteIP function to correctly extract the client's real IP address when requests come through a reverse proxy.
r.RemoteAddr.
r.RemoteAddr if X-Forwarded-For header is not present, maintaining compatibility with both proxy and non-proxy environments.
Authentication Logging Enhancements:
feat(authentication): enhance login failure logging and reduce log volume
Fail2Ban Integration Guide:
docs: add Fail2Ban configuration guide to README
README.md to guide users on how to configure Fail2Ban with WebDAV.
filter.d and jail.d configurations, allowing users to automatically ban IP addresses that exceed the allowed number of failed login attempts.
Issue Reference:
This PR closes #187, which requested improvements in logging details and Fail2Ban integration for better security.
Additional Context:
Real Client IP Address Extraction:
getRealRemoteIP helps to accurately log the IP address of the actual client, especially when the server is behind a reverse proxy. This is crucial for accurate logging and security analysis.
Fail2Ban Configuration:
Log Volume Optimization:
Feel free to review the changes. Let me know if any further adjustments are needed or if there are additional requirements!