A community member reports in the Ignite forums that, when using Openfire’s admin console through a reverse proxy, the X-Forwarded-For header content is not used for when recording messages in the security audit logs. They contain messages like these:

security audit logs: “The user logged in successfully to the admin console from address 0:0:0:0:0:0:0:1”

The logs from the reverse proxy show:

/var/log/httpd/access_log: "(null), 192.168.2.192 192.168.2.192 - - [26/Oct/2023:15:24:57 +0530] “GET /audit-policy.jsp HTTP/1.1” 200 26118 “http://192.168.2.118:8009/profile-settings.jsp” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36” "

The desired behavior is that the IP address as recorded in the reverse proxy log (192.168.2.192 in the example above) is used in Openfire’s security log.

It is assumed (but not verified by me) that the expected IP address is indeed added to a X-Forwarded-For HTTP header. The community member reports that the Openfire system property adminConsole.forwarded.enabled is set to true.

The version of Openfire that was used is 4.7.6. I have not tried to reproduce this problem.