Hello,
The IP field in the Auth0 Logs are taking the server IP instead of the client IP since all the actions performed are done through API calls from server.
Is there a way to identify whether the request received has the correct ip address ? When I added console log on server side to check if the header is set in the options, it has the header property auth0-forwarded-for with client ip .
Please find attached the screenshot for the console log. In the dashboard I have also enabled brute force and Trust Token Endpoint IP Header under the OAuth tab.
Can you clarify what you mean by “it is still taking the server IP.”. Where do you see the server IP, e.g. logs (if so, which logs). Also, please ensure you have enabled the Trust Token Endpoint IP Header in your Client Settings:
I have enabled Trust Token Endpoint IP Header for my non interactive client and also enabled Brute Force Detection as mentioned in the documentation. Just to clarify, my requirement is to capture client’s IP in logs(when using server API calls). Please find attached the screenshot of the log, where the IP field has server IP instead of client IP. ![alt text][1]
Thanks for clarifying. We have found the cause for this and have raised this with the engineering team. This is in our backlog to fix, however we cannot commit to an ETA at this stage.
Thanks for clarifying. We have found the cause for this and have raised this with the engineering team. This is in our backlog to fix, however we cannot commit to an ETA at this stage.
Does it says a several failure login will be trusted if it is from different auth0-forwarded-for IP? so the user will not be blocked? even though it is not appear in the log?