With proxy problems with authentication


We are using the Azure Application Gateway as an proxy to gsad. We are able to logon, but when the next pages wants to load we get a 401.

Logon directly without Application Gateway works fine.

gsad is running: gsad --port=9392 --http-only

Request 1
POST /gmp
200 OK

<envelope><version>21.4.4</version><vendor_version></vendor_version><token>373e892b-aeac-4313-a6f6-3aa8bcb38de1</token><time>Thu May  5 09:28:39 2022 GMT</time><timezone>UTC</timezone><login>admin</login><session>1651757319</session><role>Admin</role><i18n>Browser Language</i18n><client_address></client_address><backend_operation>1651742919.70</backend_operation>(null)</envelope>

gsad gmp:MESSAGE:2022-05-05 09h28.39 GMT:74091: Authentication success for 'admin' from

Request 2
GET /gmp?token=373e892b-aeac-4313-a6f6-3aa8bcb38de1&cmd=get_capabilities
Cookie: GSAD_SID=54acf966-0ce0-4047-8d76-d00814db5463
401 Unauthorized

<envelope><version>21.4.4</version><vendor_version></vendor_version><gsad_response><title>Authentication required: handler_send_reauthentication:476 (GSA 21.4.4)</title><message>Token missing or bad. Please login again.</message><token></token></gsad_response></envelope>

no log entries

What could be the cause of this issue?

Kind regards,

Hello, im still facing this issue. Anybody please?

@bvanh maybe you loadbalancer is stripping out some headers?


@bvanh has also reported the problem here https://github.com/greenbone/gsad/issues/73

1 Like

Solution is posted on this Github issue.

1 Like

Cross-posting the solution from https://github.com/greenbone/gsad/issues/73#issuecomment-1173663620 here for reference:

You could try to send/forward the X-Real-IP header


Most recent systems are only configured to sent a X-Forwarded-For header but gsad (at least currently) requires / only evaluates the X-Real-IP header.