AMP icon indicating copy to clipboard operation
AMP copied to clipboard
verified publisher icon CubeCoders

Authentication behind Reverse Proxy is not working

Open xxsuperdreamxx opened this issue 1 year ago • 5 comments

Operating System

Windows Server 2022

AMP Version and Build Date

2.6.0.2 20241030.2

AMP Release Stream

LTS

I confirm that

  • [X] I have searched for an existing bug report for this issue.
  • [X] I am using the latest available version of AMP.
  • [X] my operating system is up-to-date.

Intended Action

During fresh and old setups, I am trying to enable the Webserver.UsingReverseProxy, on enabling it the Authentication breaks and no longer works both on localhost and behind a proxy (IIS in this case). This broke after installing the new Phobos, I did skip the last 3 versions before Phobos as well if that might be of taken notes.

On another note, the ADS is in a Standalone as well not behind any fancy setup

The workaround is for the moment to ignore the Webserver.UsingReverseProxy and use the console as it is, the only inconvenience is the new authentication request on each refresh

Expected Behaviour

The expected behaviour is after the ADS restart and Webserver.UsingReverseProxy the ADS console to initiate the login process, either using the old token or new token with username and Password

Actual Behaviour

The actual behaviour is, the AMP instance throws an Unknown Reason (null) in the frontend and also throws in the Logs:

[23:41:26] [Core Debug/41]        : Task Updating remote sources (Fetching latest configurations...) ended: Finished
[23:41:54] [Core Debug/50]        : Login request from  for admin
[23:41:54] [Core Debug/50]        : Removed expired tokens for user admin.
[23:41:54] [Core Debug/50]        : User admin has 6 tokens
[23:41:55] [Core Warning/50]      : Returned exception from API call Core/Login
[23:41:55] [Core Error/50]        : NullReferenceException
[23:41:55] [Core Error/50]        : [0] (NullReferenceException) : Object reference not set to an instance of an object.
[23:41:55] [Core Error/50]        :    at GSMyAdmin.Authentication.InternalAuth.Authenticate(HttpRequest Request, String Username, String Password, String Token, Boolean TokenRequested)
   at GSMyAdmin.WebServer.WebMethods.Login(HttpRequest request, String username, String password, String token, Boolean rememberMe)
   at GSMyAdmin.WebServer.WebAttributes.InvokeMethod(String MethodName, JObject Data, HttpContext context, IWebSession Session, WebMethodsBase MethodsClass, IPAddress RealIP)
   at GSMyAdmin.WebServer.ApiService.InvokeAPI(HttpContext context, IWebSession Session, JObject Data, String RequestModule, String RequestMethod)

Reproduction

Fresh install of AMP > Setting up and Activating the Instance > Enabling the proxy > Restarting the instance the Authentication is bricked

xxsuperdreamxx avatar Nov 02 '24 00:11 xxsuperdreamxx

I just updated to 2.6.0.6 and I now have this issue......

dl200010 avatar Nov 23 '24 11:11 dl200010

I just updated to 2.6.0.6 and I now have this issue......

As far as I can tell you can safely disable the feature in configs. It seems that everything works fine with the feature disabled. I will post an update in case there is any other issue

xxsuperdreamxx avatar Nov 23 '24 14:11 xxsuperdreamxx

I just updated to 2.6.0.6 and I now have this issue......

As far as I can tell you can safely disable the feature in configs. It seems that everything works fine with the feature disabled. I will post an update in case there is any other issue

Well, there was an approved list of reverse proxy IPs. I had 127.0.0.1 listed on 2.5 without issue. Update to 2.6.0.6 and that became an issue. Removing it fixed my reverse proxy issues.

dl200010 avatar Nov 23 '24 17:11 dl200010

I just updated to 2.6.0.6 and I now have this issue......

As far as I can tell you can safely disable the feature in configs. It seems that everything works fine with the feature disabled. I will post an update in case there is any other issue

Well, there was an approved list of reverse proxy IPs. I had 127.0.0.1 listed on 2.5 without issue. Update to 2.6.0.6 and that became an issue. Removing it fixed my reverse proxy issues.

@IceOfWraith could it be that the whitelist bugging things due to it forwarding the real ip of the user as the proxy server ip? Possibly wrong header parsing? But then again localhost stops working as well and that used to work behind reverse proxy setting

xxsuperdreamxx avatar Nov 23 '24 17:11 xxsuperdreamxx

I just updated to 2.6.0.6 and I now have this issue......

As far as I can tell you can safely disable the feature in configs. It seems that everything works fine with the feature disabled. I will post an update in case there is any other issue

Well, there was an approved list of reverse proxy IPs. I had 127.0.0.1 listed on 2.5 without issue. Update to 2.6.0.6 and that became an issue. Removing it fixed my reverse proxy issues.

@IceOfWraith could it be that the whitelist bugging things due to it forwarding the real ip of the user as the proxy server ip? Possibly wrong header parsing? But then again localhost stops working as well and that used to work behind reverse proxy setting

Well, using localhost:8080 I was able to get in and change settings.

dl200010 avatar Nov 24 '24 01:11 dl200010