Announcement

Collapse
No announcement yet.

ipcheck in ox 7.10.1

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ipcheck in ox 7.10.1

    Hi all,
    I'm currently testing ox 7.10.1 and was wondering why I'm always asked for the password after signing in to the ox web interface with the message "Your session is expired" .
    The log file says:
    Request to server denied (IP check activated) for session: 69aa7de835674b619225cf0d7018469e. Client login IP changed from 127.0.0.1 to xx.yy.zz.yy and is not covered by IP white-list or netmask.

    However, in the file /opt/open-xchange/etc/noipcheck.cnf the ip 127.0.0.1 is excluded from the ipcheck.

    Can anybody confirm this issue or is it a miss-configuration in my ox setup?
    Regards Peter

  • #2
    Same here. But no time for troubleshooting yet...

    Comment


    • #3
      So you both have changed something else as well and not just updated I can only assume?

      Did you change settings containing *ipcheck* (case insensitive)? Did you fiddle with Guard?

      Comment


      • #4
        Its a fresh installation with ox 7.10.1 on a single server with only basic configuration, for testing purpose before we upgrade from 7.8.4
        If I disable the IPCheck, everything is working fine. There is also no warning because of a different client IP address?!

        Here is the log with IPCheck activated, maybe you can take a look on it, thanks in advance!

        Cache ''ExternalAccountFolders'' is operating in distributed mode
        com.openexchange.ajax.action=list
        com.openexchange.ajax.module=folders
        com.openexchange.database.schema=oxdatabase_5
        com.openexchange.grizzly.method=POST
        com.openexchange.grizzly.queryString=<none>
        com.openexchange.grizzly.remoteAddress=10.8.150.55
        com.openexchange.grizzly.remotePort=49590
        com.openexchange.grizzly.requestURI=/ajax/login
        com.openexchange.grizzly.serverName=ox.privat
        com.openexchange.grizzly.servletPath=/ajax/login
        com.openexchange.grizzly.threadName=OXWorker-0000009
        com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
        com.openexchange.hostname=ox.privat
        com.openexchange.localhost.ipAddress=10.4.150.98
        com.openexchange.localhost.version=7.10.1-Rev3
        com.openexchange.login.authId=aba295a02e214cddbd38 a473c9ef3b36
        com.openexchange.login.client=open-xchange-appsuite
        com.openexchange.login.clientIp=10.8.150.55
        com.openexchange.login.login=USER1
        com.openexchange.login.resolvedLogin=USER1
        com.openexchange.login.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
        com.openexchange.login.version=7.10.1-4
        com.openexchange.request.trackingId=489730493-244865249
        com.openexchange.session.authId=aba295a02e214cddbd 38a473c9ef3b36
        com.openexchange.session.clientId=open-xchange-appsuite
        com.openexchange.session.contextId=1
        com.openexchange.session.loginName=USER1
        com.openexchange.session.sessionId=f6d03172e5f3426 f8c16148c9e42750c
        com.openexchange.session.userId=3
        com.openexchange.session.userName=USER1
        2018-12-07T13:37:41,251+0100 INFO [OXWorker-0000012] com.openexchange.ajax.ipcheck.IPCheckers.kick(IPCh eckers.java:213)
        Request to server denied (IP check activated) for session: f6d03172e5f3426f8c16148c9e42750c. Client login IP changed from 127.0.0.1 to 10.8.150.55 and is not covered by IP white-list or netmask.
        com.openexchange.grizzly.method=GET
        com.openexchange.grizzly.queryString=action=get&ti mezone=utc&session=f6d03172e5f3426f8c16148c9e42750 c
        com.openexchange.grizzly.remoteAddress=10.8.150.55
        com.openexchange.grizzly.remotePort=49620
        com.openexchange.grizzly.requestURI=/ajax/user
        com.openexchange.grizzly.serverName=ox.privat
        com.openexchange.grizzly.servletPath=/ajax/user
        com.openexchange.grizzly.threadName=OXWorker-0000012
        com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
        com.openexchange.localhost.ipAddress=10.4.150.98
        com.openexchange.localhost.version=7.10.1-Rev3
        com.openexchange.request.trackingId=489730493-244865259
        2018-12-07T13:37:41,338+0100 INFO [OXWorker-0000004] com.openexchange.ajax.SessionUtility.getSession(Se ssionUtility.java:556)
        There is no session associated with session identifier: f6d03172e5f3426f8c16148c9e42750c
        com.openexchange.grizzly.method=GET
        com.openexchange.grizzly.queryString=action=all&ra ngeStart=20181206T230000Z&rangeEnd=20190106T230000 Z&fields=lastModified%2Ccolor%2CcreatedBy%2CendDat e%2Cflags%2Cfolder%2Cid%2Clocation%2CrecurrenceId% 2Crrule%2CseriesId%2CstartDate%2Csummary%2Ctimesta mp%2Ctransp&order=asc&sort=startDate&expand=true&s ession=f6d03172e5f3426f8c16148c9e42750c
        com.openexchange.grizzly.remoteAddress=10.8.150.55
        com.openexchange.grizzly.remotePort=49622
        com.openexchange.grizzly.requestURI=/ajax/chronos
        com.openexchange.grizzly.serverName=ox.privat
        com.openexchange.grizzly.servletPath=/ajax/chronos
        com.openexchange.grizzly.threadName=OXWorker-0000004
        com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
        com.openexchange.localhost.ipAddress=10.4.150.98
        com.openexchange.localhost.version=7.10.1-Rev3
        com.openexchange.request.trackingId=489730493-244865260
        2018-12-07T13:37:41,391+0100 INFO [OXWorker-0000012] com.openexchange.ajax.SessionUtility.getSession(Se ssionUtility.java:556)
        There is no session associated with session identifier: f6d03172e5f3426f8c16148c9e42750c
        com.openexchange.grizzly.method=PUT
        com.openexchange.grizzly.queryString=action=list&s ession=f6d03172e5f3426f8c16148c9e42750c
        com.openexchange.grizzly.remoteAddress=10.8.150.55
        com.openexchange.grizzly.remotePort=49624
        com.openexchange.grizzly.requestURI=/ajax/jslob
        com.openexchange.grizzly.serverName=ox.privat
        com.openexchange.grizzly.servletPath=/ajax/jslob
        com.openexchange.grizzly.threadName=OXWorker-0000012
        com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
        com.openexchange.localhost.ipAddress=10.4.150.98
        com.openexchange.localhost.version=7.10.1-Rev3
        com.openexchange.request.trackingId=489730493-244865262
        2018-12-07T13:37:41,670+0100 INFO [OXWorker-0000009] com.openexchange.caching.internal.JCSCache.isLocal (JCSCache.java:221)
        Cache ''OXMessageCache'' is operating in local-only mode
        2018-12-07T13:37:41,803+0100 INFO [OXWorker-0000009] com.openexchange.guard.servlets.GuardServletAction .logAction(GuardServletAction.java:238)
        Command sent "delete_session" from IP 127.0.0.1
        com.openexchange.grizzly.method=PUT
        com.openexchange.grizzly.queryString=action=delete _session&sessionId=a3d1f7ddf918f4dc2c822fba21503aa 274eb1a1f
        com.openexchange.grizzly.remoteAddress=127.0.0.1
        com.openexchange.grizzly.remotePort=49628
        com.openexchange.grizzly.requestURI=/oxguard/login
        com.openexchange.grizzly.serverName=localhost
        com.openexchange.grizzly.servletPath=/oxguard/login
        com.openexchange.grizzly.threadName=OXWorker-0000009
        com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
        com.openexchange.localhost.ipAddress=10.4.150.98
        com.openexchange.localhost.version=7.10.1-Rev3
        com.openexchange.request.trackingId=489730493-244865274
        2018-12-07T13:37:41,826+0100 INFO [Thread-14] com.openexchange.capabilities.osgi.CapabilitiesEve ntHandler.handleEvent(CapabilitiesEventHandler.jav a:56)
        Cleared capabilities caches for user 3 in context 1 as last active session was dropped.
        2018-12-07T13:37:42,019+0100 INFO [OXWorker-0000017] com.openexchange.guard.servlets.GuardServletAction .logAction(GuardServletAction.java:238)
        Command sent "login" from IP 10.8.150.55
        com.openexchange.grizzly.method=POST
        com.openexchange.grizzly.queryString=action=login& time=1544186260899&session=f6d03172e5f3426f8c16148 c9e42750c
        com.openexchange.grizzly.remoteAddress=10.8.150.55
        com.openexchange.grizzly.remotePort=49616
        com.openexchange.grizzly.requestURI=/oxguard/login
        com.openexchange.grizzly.serverName=ox.privat
        com.openexchange.grizzly.servletPath=/oxguard/login
        com.openexchange.grizzly.threadName=OXWorker-0000017
        com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
        com.openexchange.localhost.ipAddress=10.4.150.98
        com.openexchange.localhost.version=7.10.1-Rev3
        com.openexchange.request.trackingId=489730493-244865256
        2018-12-07T13:37:42,020+0100 ERROR [OXWorker-0000017] com.openexchange.guard.servlets.authentication.OXG uardSessionAuthenticationHandler.authenticate(OXGu ardSessionAuthenticationHandler.java:81)
        No valid Guard session for IP 10.8.150.55 for request com.openexchange.http.grizzly.http.servlet.HttpSer vletRequestWrapper@49f1d736.
        com.openexchange.grizzly.method=POST
        com.openexchange.grizzly.queryString=action=login& time=1544186260899&session=f6d03172e5f3426f8c16148 c9e42750c
        com.openexchange.grizzly.remoteAddress=10.8.150.55
        com.openexchange.grizzly.remotePort=49616
        com.openexchange.grizzly.requestURI=/oxguard/login
        com.openexchange.grizzly.serverName=ox.privat
        com.openexchange.grizzly.servletPath=/oxguard/login
        com.openexchange.grizzly.threadName=OXWorker-0000017
        com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
        com.openexchange.localhost.ipAddress=10.4.150.98
        com.openexchange.localhost.version=7.10.1-Rev3
        com.openexchange.request.trackingId=489730493-244865256
        2018-12-07T13:37:46,857+0100 INFO [OXWorker-0000017] com.openexchange.login.internal.LoginPerformer.log LoginRequest(LoginPerformer.java:691)
        Login:USER1 IP:10.8.150.55 AuthID:4944b57c4f4d4c9f838524c8358d139a Agent:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Clientpen-xchange-appsuite(7.10.1-4) Interface:HTTP_JSON Context:1(1,defaultcontext) User:3(USER1) Session:d5c6fcf127984660a0752d8041e1eb90 Random:00af1898815049a1902d26e71f6871cd Transient:false
        com.openexchange.grizzly.method=POST
        com.openexchange.grizzly.queryString=<none>
        com.openexchange.grizzly.remoteAddress=10.8.150.55
        com.openexchange.grizzly.remotePort=49610
        com.openexchange.grizzly.requestURI=/ajax/login
        com.openexchange.grizzly.serverName=ox.privat
        com.openexchange.grizzly.servletPath=/ajax/login
        com.openexchange.grizzly.threadName=OXWorker-0000017
        com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
        com.openexchange.localhost.ipAddress=10.4.150.98
        com.openexchange.localhost.version=7.10.1-Rev3
        com.openexchange.login.authId=4944b57c4f4d4c9f8385 24c8358d139a
        com.openexchange.login.client=open-xchange-appsuite
        com.openexchange.login.clientIp=10.8.150.55
        com.openexchange.login.login=USER1
        com.openexchange.login.resolvedLogin=USER1
        com.openexchange.login.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0
        com.openexchange.login.version=7.10.1-4
        com.openexchange.request.trackingId=489730493-244865283
        com.openexchange.session.authId=4944b57c4f4d4c9f83 8524c8358d139a
        com.openexchange.session.clientId=open-xchange-appsuite
        com.openexchange.session.contextId=1
        com.openexchange.session.loginName=USER1
        com.openexchange.session.sessionId=d5c6fcf12798466 0a0752d8041e1eb90
        com.openexchange.session.userId=3
        com.openexchange.session.userName=USER1

        Comment


        • #5
          As I thought. You are using Guard (or at least have it partially included).
          IPCheck needs to be disabled with Guard. There is no other option. And it should be described in the Guard setup documentation (hopefully).

          Comment


          • #6
            Hi,

            had the same issue upgrading from 7.8 to 7.10. IPCheck has to be disabled when running ox-guard. Ironically ox-guard worked with ipcheck enabled in 7.8...

            Comment


            • #7
              Originally posted by markus View Post
              Hi,

              had the same issue upgrading from 7.8 to 7.10. IPCheck has to be disabled when running ox-guard. Ironically ox-guard worked with ipcheck enabled in 7.8...
              If it worked something was broken. By design it just does not work and never should have.

              Comment

              Working...
              X