Last Login IP Not working correctly

[J12934]

The last login ip will show the ip of the LoadBalancer not the IP of the User... 😳

Warning Spoilers:

The challenge to override the Last Login IP will most likely also not work in most cloud setups as the initial Cloud Loadbalancer will most likely strip away the X-Forwarded-For headers set by the user.

[bkimminich]

Should we just turn this challenge off on Docker/Heroku like the dangerous ones?

[J12934]

Mh yeah that might be an option.
But it should probably work correctly on "normal" docker setups right, meaning setups without a loadbalancer in front of it.

[bkimminich]

True ... do you know any way to determine that a load balancer is in front of you...? 🔮

[J12934]

Well they normally set X-Forwareded-For headers 🤷‍♂️
But that would break the challenge 🤦‍♂️

[bkimminich]

Just checked the code of the challenge, and it doesn't use XFF for that matter but the True-Client-IP header. So it should work just fine even behind a load balancer.