Incorrect IP Addresss in logon alerts due to loss of X-Real-IP Header

[danpoltawski]

Steps To Reproduce

1. Login with new device
2. Examine email notification of new device IP Address feld

Expected Result

Real IP of logged on device is displayed

Actual Result

IP of internal reverse proxy is displayed

Screenshots or Videos

Additional Context

Previously we were able to get this IP reported correctly due to utilisaiton of the X-Real-IP header, however this appears to have been broken by the changes in #2847.

As I understand it the solution would now be to set the KnownProxies config option, however this is not very easily achievable in our environment as the proxies IP addresses are dynamically allocated in a dedicated 'reverse proxy' subnet and can be added to and removed dynamically.

As per my understanding of the .net side, the ideal solution would be to implement the ability to set KnownNetworks as well as KnownProxies, so we could allocate the entire subnet as proxied.

Alternatively restore the ability to allow us to continue setting a header like X-Real-IP as trusted as this is a regression in functionality.

Build Version

2023.7.0

Environment

Self-Hosted

Environment Details

Docker-swarm based deployment with a caddy-based reverse proxy terminating TLS to the containers.

Issue Tracking Info

• I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[Javed-Patel-wohlig]

hey, if this is not fixed yet I can contribute by fixing this.

[danpoltawski]

I don't believe its fixed