Enhanced TCP IP Properties for logging for SFTP
- What is the problem that this feature would fix? We run Cerberus SFTP behind a reverse proxy solution, and for analysis purposes we need to have a log at the reverse proxy solution, and of course on the Cerberus side we have logging configured. Now in the Cerberus log we always see the IP of the reverse proxy, and we would like to see directly where the connection comes from without comparing both logs.
- Why is it a problem? This is a problem in multiple respects: first for logging purposes, and second, the built-in geo IP location blocking does not work if there is no support for enhanced TCP IP headers.
- Is there a workaround you currently have for this problem? Yes, double logs and using other security features from the reverse proxy solution.
- Do you have a suggestion on how you would like to see the problem fixed? Yes, I have a solution to propose as a feature request: I would like to have built-in enhanced TCP IP header support which can be correctly used by the Cerberus server for logging and for its built-in security features, such as the geo location blocking for IP addresses. I have here an interesting article from NetScaler on how this works: How to Enable Client IP in TCP/IP Option of NetScaler (citrix.com). I was in contact with Connor and I am sure he will share all the information from case or request: 1173677
- I believe this is a big problem because we are for sure not the only company who has their SFTP server not directly on the internet.
-
Hello Manfred,
Thanks so much for taking the time to submit this request! I'll get all of this over to the proper teams for scoping and review. If I need any other information, I will be sure to reach out here or through a ticket.
0 -
hi manfred!
other cerberus customer here :)
i just want to comment on your last point in the list: cerberus is designed as *secure* filetransfer, and to be honest, i trust cerberus more than some reverse-proxy implementations out there
also, if you are using netscaler, i guess that is a more 'valuable/prominent' target than cerberus, meaning that if a 0-day exploit for netscaler is found, it's more likely that netscaler-systems are being "probed" than cerberus 0-days would be actively probed by adversaries
but besides that i understand the approach to squeeze another OS-layer in between a windows-based application, and then, a feature like this would come in handy in such a deployment
0 -
Hi Robert,
I think there is never enough security, and as I understand it, it would just be support for an enhanced TCP IP header to implement in the server software.
The reverse proxy solution does not matter; it can be Kemp, NetScaler, F5. I am pretty sure I am not the only one with this feature request.
Best regards
Manfred