Security audits not possible: real IP not logged

imc67

@nebulon @girish I'm discovering EspoCRM and really, this is an absolutely fantastic piece of software with lots of (hidden) gems!

However it is also a privacy related app because (of course) mostly used with personal data. Therefore they build in several audit possibilities.

But one is impossible to track: real IP of a user, only the docker internal IP is logged.

Can you please make it possible to log real IP's?

girish

@imc67 this seems like a packaging bug. I guess I have to set trust proxy IP somewhere. Let me check and get back.

marcusquinn

@imc67 DM me if you're interested to follow what I'm doing with it, been working with it for a solid 3 months now, and although it'll be a while before I can publish what I'm working on, happy to share privately.

Are you a power user, or also a coder by any chance? We're working on a fair few core improvements too.

girish

Was looking into this but it seems EspoCRM does not use proxy variables - https://github.com/espocrm/espocrm/issues/1928

girish

@imc67 I have pushed an update to fix this.

imc67

@girish I just updated the app but it’s still the docker IP being logged.

Edit: Somehow I needed to update the app 3 times! After the last time it works!

imc67

@marcusquinn said in Security audits not possible: real IP not logged:

Are you a power user

A power user

nebulon

@imc67 there were a couple of upstream releases shortly after each other, and we don't skip package updates, so you had to go through them one-by-one.