Jump to content

albatorsk

Members
  • Content Count

    2
  • Joined

  • Last visited

  1. albatorsk

    Conditional 2FA behind reverse proxy

    Thank you so much for your help! After checking Auditing, I noticed that all requests seemed to be coming from the reverse proxy. So, I took another look at X-Forwarded-For Support under proxy & syslog servers. The mistake I had made was that I had supplied my default gateway IP there, and not my reverse proxy IP. I must have been tired when I set it up, as I didn't even notice it when I wrote the initial message. After changing it to the reverse proxy IP, it works perfectly! All client IPs are logged correctly, and 2FA is now required when signing in from outside of my network. Best regards, Albatorsk
  2. Hi, I'm a happy home user of Passwordstate (PWS), and so far the experience has been very nice. I've exposed my PWS to the internet through the use of an Apache reverse proxy, and that works great. Before I did that, I of course made sure I had 2FA enabled for my user, as only using username and password seemed far too dangerous. This has worked perfectly, but, I've been a bit annoyed by the fact that I needed to use 2FA even when I access my PWS from home. So, reading a bit about it lead me to the Administration -> System Settings -> allowed ip ranges -> Web Site Allowed IP Ranges setting, where I've added my internal network range, and set Authentication Option to Forms and Google Authenticator I've also made sure to specify my Apache reverse proxy IP in Administration -> System Settings -> proxy & syslog servers -> X-Forwarded-For Support. My user account is set to use Use the System Wide Authentication Settings under Web Authentication Option. The Apache reverse proxy is set up to use RemoteIPHeader X-Forwarded-For in the configuration for my PWS site. I can also see my real, remote client IP in the IIS logs after adding the X-Forwarded-For column to the logging options in IIS, so I know it gets through. Signing in to PWS from home works fine, with just username and password now. However, signing in from remote still only requires username and password. I'd like remote sign in to require 2FA. I'm sure I'm missing something, but I can't really see what. Any help would be greatly appreciated. Thank you!
×