Re: RGW accessing real source IP address of a client (e.g. in S3 bucket policies)

On 15/06/2023 15:46, Casey Bodley wrote:
> >    * In case of HTTP via headers like "X-Forwarded-For". This is
> > apparently supported only for logging the source in the "rgw ops log" ([1])?
> > Or is this info used also when evaluating the source IP condition within
> > a bucket policy?
>
> yes, the aws:SourceIp condition key does use the value from
> X-Forwarded-For when present

I have an HAProxy in front of the RGWs which has "option forwardfor" set to add the "X-Forwarded-For" header.

Then the RGWs have "rgw remote addr param = http_x_forwarded_for" set, according to https://docs.ceph.com/en/quincy/radosgw/config-ref/#confval-rgw_remote_addr_param and I also see remote_addr properly logged within the rgw ops log.



But when applying a bucket policy with aws:SourceIp it seems to only work if I set the internal IP of the HAProxy instance, not the public IP of the client.
So the actual remote address is NOT used in my case.


Did I miss any config setting anywhere?




Regards and thanks for your help


Christian

_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
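
An added diagnostic sketch for the symptom described in this message, not code from Ceph or from the poster: given a bucket policy, the TCP peer address (the HAProxy instance), the `X-Forwarded-For` value and the observed allow/deny result, it infers which address the `aws:SourceIp` condition was evaluated against. The addresses, policies and function names are constructed for illustration; it assumes a single HAProxy hop, models only Allow statements with `IpAddress`, and does not reproduce RGW's own evaluation logic.

```python
import ipaddress

def source_ip_ranges(policy):
    """Collect the CIDRs listed under Condition.IpAddress["aws:SourceIp"]."""
    stmts = policy["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    ranges = []
    for stmt in stmts:
        value = stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", [])
        for cidr in ([value] if isinstance(value, str) else value):
            ranges.append(ipaddress.ip_network(cidr, strict=False))
    return ranges

def forwarded_client(xff_header):
    """Last X-Forwarded-For entry, i.e. the one the proxy directly in
    front appended (assumption: one trusted HAProxy hop). None if absent."""
    parts = [p.strip() for p in (xff_header or "").split(",") if p.strip()]
    if not parts:
        return None
    try:
        return ipaddress.ip_address(parts[-1])
    except ValueError:
        return None

def address_used(policy, peer_addr, xff_header, request_allowed):
    """Return 'peer', 'forwarded' or 'inconclusive' for one observed request."""
    ranges = source_ip_ranges(policy)
    peer = ipaddress.ip_address(peer_addr)
    fwd = forwarded_client(xff_header)
    peer_match = any(peer in r for r in ranges)
    fwd_match = fwd is not None and any(fwd in r for r in ranges)
    if peer_match == fwd_match:
        return "inconclusive"  # both addresses give the same verdict
    return "peer" if peer_match == request_allowed else "forwarded"

def make_policy(cidr):
    """Constructed sample policy allowing GetObject from one range."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"IpAddress": {"aws:SourceIp": [cidr]}}}]}

# Constructed addresses: HAProxy internal IP and a public client IP.
PROXY_IP, CLIENT_XFF = "10.0.0.5", "203.0.113.7"

if __name__ == "__main__":
    # Policy on the client range but the request is denied: peer address was used.
    print(address_used(make_policy("203.0.113.0/24"), PROXY_IP, CLIENT_XFF, False))
    # Policy on the proxy IP and the request is allowed: peer address was used.
    print(address_used(make_policy("10.0.0.5/32"), PROXY_IP, CLIENT_XFF, True))
```

Feed it one request per policy variant, with the peer address and header value taken from the proxy and gateway logs, to confirm which address the policy check is seeing.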



