Exlude Vulnerability Scanner IP in Reverse Proxy | Where Scanner IP Is in ( X-Forwarded-For | X-Real-IP )

[0xwarwolf]

Version

2.4.70

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Standalone

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

8

RAM

48

Storage for /

5TB

Storage for /nsm

2TB

Network Traffic Collection

tap

Network Traffic Speeds

Less than 1Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

Hello Everyone, Hope you are doing fine.

I'm running SO Standalone . My VA Scanner is OpenVas Greenbone with public IP

Main issue I'm facing right now that I'm unable to find a way to whitelist OpenVas Public IP since I'm using reverse proxy and the IP address for OpenVas is present in X-Forwarded-For and X-Real-IP and source IP is of reverse proxy instead of scanner ip. and im scanning my public facing Infra

Is there a way to whitelist the IP from X-Forwarded-For and X-Real-IP which are present inside message and network.data.decoded

Thanks

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.