Security audits not possible: real IP not logged
-
@nebulon @girish I'm discovering EspoCRM and really, this is an absolutely fantastic piece of software with lots of (hidden) gems!
However it is also a privacy related app because (of course) mostly used with personal data. Therefore they build in several audit possibilities.
But one is impossible to track: real IP of a user, only the docker internal IP is logged.
Can you please make it possible to log real IP's?
-
@nebulon @girish I'm discovering EspoCRM and really, this is an absolutely fantastic piece of software with lots of (hidden) gems!
However it is also a privacy related app because (of course) mostly used with personal data. Therefore they build in several audit possibilities.
But one is impossible to track: real IP of a user, only the docker internal IP is logged.
Can you please make it possible to log real IP's?
@imc67 this seems like a packaging bug. I guess I have to set trust proxy IP somewhere. Let me check and get back.
-
@nebulon @girish I'm discovering EspoCRM and really, this is an absolutely fantastic piece of software with lots of (hidden) gems!
However it is also a privacy related app because (of course) mostly used with personal data. Therefore they build in several audit possibilities.
But one is impossible to track: real IP of a user, only the docker internal IP is logged.
Can you please make it possible to log real IP's?
@imc67 DM me if you're interested to follow what I'm doing with it, been working with it for a solid 3 months now, and although it'll be a while before I can publish what I'm working on, happy to share privately.
Are you a power user, or also a coder by any chance? We're working on a fair few core improvements too.
-
Was looking into this but it seems EspoCRM does not use proxy variables - https://github.com/espocrm/espocrm/issues/1928
-
@nebulon @girish I'm discovering EspoCRM and really, this is an absolutely fantastic piece of software with lots of (hidden) gems!
However it is also a privacy related app because (of course) mostly used with personal data. Therefore they build in several audit possibilities.
But one is impossible to track: real IP of a user, only the docker internal IP is logged.
Can you please make it possible to log real IP's?
-
@imc67 DM me if you're interested to follow what I'm doing with it, been working with it for a solid 3 months now, and although it'll be a while before I can publish what I'm working on, happy to share privately.
Are you a power user, or also a coder by any chance? We're working on a fair few core improvements too.
@marcusquinn said in Security audits not possible: real IP not logged:
Are you a power user
A power user
-
@girish I just updated the app but it’s still the docker IP being logged.
Edit: Somehow I needed to update the app 3 times! After the last time it works!
