Defect #19834

Login shows internal host/IP to internet public

Added by Jorge S. over 6 years ago. Updated over 6 years ago.

Status: Closed
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Security
Target version: -
Resolution: Invalid
Affected version: 3.0.3

Description

When setting Require Authentication under Authentication, when you log out you are redirected to the login page, whose URL is:

https://tracker.xxxx.com.ar/login?back_url=http%3A%2F%2Ftracker.intranet.xxxx.com.ar%2F

In another installation, I also see:

https://tracker.xxxx.com.ar/login?back_url=http%3A%2F%2F192.168.1.4%2F

(The private IP).

It must be noted that BOTH installations run with Nginx as Reverse Proxy.

In my case, Nginx is listening on port 80 and based on the host redirects to my server which has Apache2 + Redmine working.

History

#1 Updated by Jorge S. over 6 years ago

nginx config:

server {
    listen 80;

    server_name tracker.xxxx.com.ar;
    location / {
        proxy_pass http://192.168.1.4:8080;
    }
}

#2 Updated by Jorge S. over 6 years ago

  • Status changed from New to Resolved

It seems to be a misconfiguration of nginx:

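location / {
    proxy_pass http://localhost:8000;
    # Forward the client's Host header; without this nginx sends the proxy_pass host to the backend
    proxy_set_header Host $host;
    # Pass the client's address to the backend
    proxy_set_header X-Real-IP $remote_addr;
}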

#3 Updated by Jean-Philippe Lang over 6 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Invalid

Thanks for the feedback.
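
Added example (not part of the original issue and not Redmine code): a Python check that flags a login redirect whose back_url exposes a private address or a host other than the public one. It is run over the two URLs from the description plus one constructed post-fix URL; the function names and finding labels are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs


def back_url_leak(login_url):
    """Return a finding label if back_url exposes an internal host, else None."""
    outer = urlsplit(login_url)
    values = parse_qs(outer.query).get("back_url")
    if not values:
        return None                      # no back_url parameter at all
    inner = urlsplit(values[0])          # parse_qs has already percent-decoded it
    host = inner.hostname
    if host is None:
        return None                      # relative back_url carries no host
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None                        # a DNS name, not an IP literal
    if ip is not None and (ip.is_private or ip.is_loopback or ip.is_link_local):
        return "private-ip"
    if host == "localhost":
        return "loopback-name"
    if host != outer.hostname:
        return "host-mismatch"           # backend name differs from the public one
    return None


def scan(urls):
    """Return (url, finding) pairs for every URL that leaks something."""
    hits = []
    for url in urls:
        finding = back_url_leak(url)
        if finding:
            hits.append((url, finding))
    return hits


# The first two URLs are from the issue description; the third is constructed
# to show what the redirect looks like once the proxy forwards the Host header.
SAMPLES = [
    "https://tracker.xxxx.com.ar/login?back_url=http%3A%2F%2Ftracker.intranet.xxxx.com.ar%2F",
    "https://tracker.xxxx.com.ar/login?back_url=http%3A%2F%2F192.168.1.4%2F",
    "https://tracker.xxxx.com.ar/login?back_url=http%3A%2F%2Ftracker.xxxx.com.ar%2F",
]

if __name__ == "__main__":
    for url, finding in scan(SAMPLES):
        print(finding, url)
```
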
