HAproxy to BlueIris Authetication issue

[manutech]

Hi all, first post here

I'm in the middle setting up my system to access BlueIris (v5.3.6.1) from the outside, my current setup is as follow:

wan -->> pfSense with HAproxy (SSL offload) and Let's Encrypt --->>BlueIris

BlueIris is set up to require authentication for connection NON-LAN connections , but a soon as put my URL on my phone(with no Wi-Fi) it bypasses authentication straight to the cameras

question:
since initial connection is done from WAN to pfSense HAProxy(encrypted), and then forwards it to BlueIris(unencrypted) , does it thinks that is coming from LAN?


if I enable Authentication from "all connections" it works just I expected , but since I'm using the local AI Tool that uses an URL trigger, I will get issues when I enable the Authentication from "all connections"


Is there a setting that I'm missing or something?

Thanks!

 

[bp2008]

As far as Blue Iris knows, all your connections are coming from the IP address of your proxy server. Try looking in Blue Iris's Status window > Connections tab.

To fix this, enable the "X-Forwarded-For" headers in Blue Iris' web server advanced configuration, and make sure your proxy server is creating that header (it may do this by default, or you may need to look up how to make it do that).

Note there are security implications if you enable the "X-Forwarded-For" header in BI -- while using this setting, don't allow your BI web server to be accessible from the internet except through your reverse proxy server. An attacker could probably spoof the header to grant themselves access to your BI server as if they were on your LAN.

 

[manutech]

Thanks bp2008, checking the box "forwardfor" on the HAProxy frontend settings did the trick, thank you