Audit Log - Real IP Address


We have deployed our privacyIDEA behind a reverse proxy:

< Client > - < Cloud Load Balancer > - < HA Proxy > - < NGINX >. - - -

HA Proxy is sending the real client IP (header X-Forwarded-For) according NGINX access logs: - - [12/Dec/2023:17:03:48 -0300] “POST /auth HTTP/1.1” 401 755 “” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36 OPR/” “,”

Real IP Address: “”.

But in audit log I can only see the IP address of the reverse proxy: “”.

Is there a way to log in audit log the real IP address?



Just an update, setting the option “Override Authorization Clients” to “” changes the Audit log IP to the load balancer, in front of HA Proxy (

The architecture in fact is:

< Client > - < Cloud Load Balancer > - < HA Proxy > - < NGINX >. - - -


I managed the issue by disabling the “forwardfor” option in HA Proxy, so the “X-Forwarded-For” header only contains one IP (the public one sent by the cloud load balancer). privacyIDEA audit logs capture the last IP from the “X-Forwarded-For” header. The “X-Forwarded-For” header can have more than one address if there is more than one reverse proxy. I believe this issue is more focused on infrastructure than privacyIDEA itself.

1 Like