With proxy problems with authentication

Hello,

We are using the Azure Application Gateway as a proxy to gsad. We are able to log on, but when the next page wants to load we get a 401.

Logon directly without Application Gateway works fine.

gsad is running: gsad --port=9392 --http-only

Request 1
POST /gmp
200 OK
Response:

<envelope><version>21.4.4</version><vendor_version></vendor_version><token>373e892b-aeac-4313-a6f6-3aa8bcb38de1</token><time>Thu May  5 09:28:39 2022 GMT</time><timezone>UTC</timezone><login>admin</login><session>1651757319</session><role>Admin</role><i18n>Browser Language</i18n><client_address>10.60.255.38</client_address><backend_operation>1651742919.70</backend_operation>(null)</envelope>

gsad.log
gsad gmp:MESSAGE:2022-05-05 09h28.39 GMT:74091: Authentication success for 'admin' from 10.60.255.38

Request 2
GET /gmp?token=373e892b-aeac-4313-a6f6-3aa8bcb38de1&cmd=get_capabilities
Cookie: GSAD_SID=54acf966-0ce0-4047-8d76-d00814db5463
401 Unauthorized
Response:

<envelope><version>21.4.4</version><vendor_version></vendor_version><gsad_response><title>Authentication required: handler_send_reauthentication:476 (GSA 21.4.4)</title><message>Token missing or bad. Please login again.</message><token></token></gsad_response></envelope>

gsad.log
no log entries

What could be the cause of this issue?

Kind regards,
Bastiaan

Hello, I'm still facing this issue. Anybody please?

@bvanh maybe your load balancer is stripping out some headers?

Eero

@bvanh has also reported the problem here https://github.com/greenbone/gsad/issues/73

Solution is posted on this GitHub issue.

Cross-posting the solution from Azure Application Gateway, unable to logon · Issue #73 · greenbone/gsad · GitHub here for reference:

You could try to send/forward the X-Real-IP header

Background:

Most recent systems are only configured to send an X-Forwarded-For header but gsad (at least currently) requires / only evaluates the X-Real-IP header.
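
To check which client-address headers actually reach the backend through the gateway (the question raised in the replies above), a small probe can stand in for gsad on a test port and report what each proxied request carries. This is an added example, not part of the thread or of gsad; port 9393, the function names and the sample addresses in the comments are assumptions.

```python
"""Header probe: point the proxy at this instead of gsad to see what it forwards."""
import ipaddress
from http.server import BaseHTTPRequestHandler, HTTPServer


def first_forwarded_ip(xff):
    """Return the left-most address of an X-Forwarded-For value, without any :port."""
    first = xff.split(",")[0].strip()
    # Try plain address, bracketed IPv6, then address:port / [IPv6]:port.
    for candidate in (first, first.strip("[]"), first.rsplit(":", 1)[0].strip("[]")):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return None


def diagnose(peer_ip, headers):
    """Summarise the client-address headers one proxied request arrived with."""
    real_ip = headers.get("X-Real-IP")
    xff = headers.get("X-Forwarded-For")
    if real_ip:
        verdict = "X-Real-IP present"
    elif xff:
        verdict = "only X-Forwarded-For present: add X-Real-IP at the proxy"
    else:
        verdict = "no client-address header forwarded"
    return {"peer": peer_ip, "x_real_ip": real_ip,
            "xff_client": first_forwarded_ip(xff or ""), "verdict": verdict}


class Probe(BaseHTTPRequestHandler):
    def do_GET(self):
        # self.headers lookups are case-insensitive, so any header casing matches.
        report = diagnose(self.client_address[0], self.headers)
        body = "".join(f"{k}: {v}\n" for k, v in report.items()).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    do_POST = do_GET  # the login in the thread is a POST, so answer that too


if __name__ == "__main__":
    # Port 9393 is an assumption: use any free port the gateway can reach.
    HTTPServer(("0.0.0.0", 9393), Probe).serve_forever()
```

Requesting any path through the proxy returns the report as plain text; repeating the request a few times also shows whether the peer address changes between requests.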