GoAnywhere doesn't log end-user real IP address (XFF)

Modified on Sun, 1 Mar, 2020 at 8:05 AM

Symptom:

In GoAnywhere Services Logs (HTTPS, SFTP) - The 'Remote IP Address' is not the end-user IP address, for example:

That Address is the IP Address of the customer's NLB component (F5, Netscaler etc...) or Firewall NAT address



Cause:

This issue is caused by the way network devices operate and see each-other. Since most Firewalls and/or NLBs will do an Address Translation (NAT), the MFT server will see the NAT address and not the actual IP of the user



Solution:

To handle the above cases in web flows, a X-Forwarded-For header was introduced. The network equipment that is doing the NAT must support XFFotherwise this will not work.

The support for the X-Forward-For header needs to be manually configured on the MFT.

Notice: this capability is supported in versions 6.4.1 and above!


1. Navigate to the installation directory of GoAnywhere MFT and edit the [installDir]/config/system.properties file

2. Add the following to the bottom of the file:

#X-Forward-For support

com.linoma.webClient.xff.proxyPattern=<1st Segment of the IP Address>\\.<2nd Segment of the IP Address>\\.<3rd Segment of the IP Address>\\.<4th Segment of the IP Address>


For example:

  • Specific IP:
    com.linoma.webClient.xff.proxyPattern=192\\.168\\.25\\.1
  • All IPs in the 192.168.0.0 network:
    com.linoma.webClient.xff.proxyPattern=192\\.168\\.\\d{1,3}\\.\\d{1,3} 


4. Restart the GoAnywhere service

5. Verify that in new end-user connections logs - The 'Remote IP Address' is  the end-user IP address, for example:


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article