Bug 1939944

Summary: all requests are logged as coming from 127.0.0.1 in production.log
Product: Red Hat Satellite
Reporter: Marek Hulan <mhulan>
Component: Authentication
Assignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED ERRATA
QA Contact: Omkar Khatavkar <okhatavk>
Severity: high
Priority: high
Version: 6.9.0
CC: egolov, mhulan, tbrisker
Target Milestone: 6.9.0
Keywords: Regression, Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Fixed In Version: foreman-2.3.1.20-1
Doc Type: If docs needed, set a value
Last Closed: 2021-04-21 13:26:20 UTC

Description Marek Hulan 2021-03-17 10:42:52 UTC
Ohai,

this is on EL7 nightly, but I think all puma deploys are affected.

My production.log is full of

<pre>
2021-03-05T08:57:04 [I|app|e0cfbd4f] Started GET "/users/login" for 127.0.0.1 at 2021-03-05 08:57:04 +0000
</pre>

Whereas I'd expect to see the real IP address of the remote system here. Apache logs look correct:

<pre>
192.168.122.1 - - [05/Mar/2021:08:57:04 +0000] "GET /users/login HTTP/1.1" 200 1283 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"
</pre>

Comment 1 Marek Hulan 2021-03-17 10:42:58 UTC
Created from redmine issue https://projects.theforeman.org/issues/32019

Comment 2 Marek Hulan 2021-03-17 10:43:00 UTC
Upstream bug assigned to None

Comment 3 Marek Hulan 2021-03-17 10:49:43 UTC
The same issue is observed in audits, every audit shows 127.0.0.1 as an IP.

This is of course due to the migration to Puma. There's a more complex fix proposed in this PR which comes with a risk for Katello regressions https://github.com/theforeman/foreman/pull/7960. Perhaps we can take a simpler approach that does not lower the security compared to 6.8, but that needs to be investigated.

I'm raising this with high priority and severity.
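
A check an operator can run to see whether a deployment shows this symptom, added here as an example (not code from this bug report or from Foreman): it parses the two log formats quoted in the description, reports what share of production.log requests carry a loopback client address, and looks up the matching Apache access-log entries to recover the address Apache recorded. The function names and the sample lines marked as constructed are assumptions made for illustration.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# production.log request line, in the format quoted in the bug description
APP_RE = re.compile(r'\[\w\|app\|(?P<rid>\w+)\] Started (?P<method>[A-Z]+) '
                    r'"(?P<path>[^"]*)" for (?P<ip>\S+) at (?P<ts>[\d-]+ [\d:]+ [+-]\d{4})')
# Apache access log line, in the format quoted in the bug description
APACHE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                       r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"')

def _key(m, ts_format):
    """Correlation key: (timestamp to the second, method, path)."""
    return (datetime.strptime(m["ts"], ts_format), m["method"], m["path"])

def is_loopback(addr):
    try:
        return ip_address(addr).is_loopback
    except ValueError:  # not an IP literal
        return False

def loopback_report(app_lines, apache_lines):
    """Return (share of app requests logged from loopback, {request id: Apache client IPs})."""
    apache = {}
    for m in filter(None, map(APACHE_RE.match, apache_lines)):
        apache.setdefault(_key(m, "%d/%b/%Y:%H:%M:%S %z"), set()).add(m["ip"])
    total, loop, recovered = 0, 0, {}
    for m in filter(None, map(APP_RE.search, app_lines)):
        total += 1
        if is_loopback(m["ip"]):
            loop += 1
            # Several clients requesting one path in the same second give several candidates.
            recovered[m["rid"]] = apache.get(_key(m, "%Y-%m-%d %H:%M:%S %z"), set())
    return (loop / total if total else 0.0), recovered

# First entry of each list is from the bug description; the others are constructed samples.
APP_LOG = [
    '2021-03-05T08:57:04 [I|app|e0cfbd4f] Started GET "/users/login" for 127.0.0.1 at 2021-03-05 08:57:04 +0000',
    '2021-03-05T08:57:09 [I|app|0a1b2c3d] Started GET "/hosts" for 127.0.0.1 at 2021-03-05 08:57:09 +0000',
]
APACHE_LOG = [
    '192.168.122.1 - - [05/Mar/2021:08:57:04 +0000] "GET /users/login HTTP/1.1" 200 1283 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0"',
    '192.168.122.7 - - [05/Mar/2021:08:57:09 +0000] "GET /hosts HTTP/1.1" 200 512 "-" "curl/7.76.1"',
    '192.168.122.9 - - [05/Mar/2021:08:57:09 +0000] "GET /hosts HTTP/1.1" 200 512 "-" "curl/7.76.1"',
]
```

A share close to 1.0 across a busy log matches the symptom reported here; an empty or multi-entry candidate set means the access log alone cannot attribute that request to a single client.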

Comment 9 errata-xmlrpc 2021-04-21 13:26:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.9 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1313