Changes
This release improves handling of HTTP honeypots behind proxy servers. The live view and logs in the threat feed web interface now display the original client's IP address instead of the proxy server's IP. As before, set <sourceIpHeader>...</sourceIpHeader> in the HTTP honeypot configuration to specify the header your proxy uses for the client IP.
When sourceIpHeader is set on an HTTP honeypot, the logging behavior changes:
- The actual connecting IP (your proxy server) is logged as
remote_ip. - The IP extracted from the header is logged as
source_ip. - Any problems extracting an IP from the header results in
source_ipfalling back to the actual connecting IP. - A new
source_ip_parsedfield indicates whether an IP was extracted from the header. - If parsing fails, a
source_ip_errorfield is included with the error message.
Full Changelog: v0.63.0...v0.64.0
Binaries built with Go 1.24.3 using make all from the project root.