mirror of
https://github.com/r-smith/deceptifeed.git
synced 2025-11-02 13:13:37 +00:00
This change updates the logging behavior of the HTTP honeypot. If a custom source IP header is configured:

- The actual connecting IP is logged as `remote_ip`.
- The IP extracted from the header is logged as `source_ip`.
- Any problems extracting an IP from the header result in `source_ip` falling back to the actual connecting IP.
- A new `source_ip_parsed` field indicates whether an IP was extracted from the header.
- If parsing fails, a `source_ip_error` field is included with the error message.

If no custom header is configured, logging behavior remains unchanged.

This change improves usability of the threat feed web interface when you have HTTP honeypots behind a proxy. By logging the original client IP as `source_ip`, the application now correctly displays the actual source of the connection, rather than your proxy's IP address.
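
The field logic described in the commit message, as an added Go example that is not the project's own code. The function names `sourceFields` and `headerIP`, the header name `X-Real-IP`, the error strings, and the rule that the header must appear once with a single IP are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// sourceFields returns the log fields described in the commit message.
// header is the configured source-IP header name ("" = none configured).
func sourceFields(r *http.Request, header string) map[string]any {
	remote, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		remote = r.RemoteAddr
	}
	if header == "" {
		return map[string]any{"source_ip": remote}
	}
	f := map[string]any{"remote_ip": remote, "source_ip": remote, "source_ip_parsed": false}
	ip, err := headerIP(r.Header.Values(header))
	if err != nil {
		f["source_ip_error"] = err.Error() // source_ip stays the connecting IP
		return f
	}
	f["source_ip"], f["source_ip_parsed"] = ip, true
	return f
}

// headerIP accepts exactly one header value holding exactly one IP.
// Rejecting repeats and lists is an assumption of this example.
func headerIP(values []string) (string, error) {
	if len(values) == 0 {
		return "", errors.New("header missing")
	}
	if len(values) > 1 {
		return "", errors.New("header sent more than once")
	}
	ip := net.ParseIP(strings.TrimSpace(values[0]))
	if ip == nil {
		return "", fmt.Errorf("no valid IP in header value %q", values[0])
	}
	return ip.String(), nil
}

func main() {
	// Constructed request: proxy at 192.0.2.10 forwarding for 203.0.113.7.
	r := &http.Request{RemoteAddr: "192.0.2.10:41234", Header: http.Header{}}
	r.Header.Set("X-Real-IP", "203.0.113.7")
	fmt.Println(sourceFields(r, "X-Real-IP"))
}
```

Keeping `remote_ip` next to `source_ip` lets you confirm that a header value arrived through your own proxy, since a client that reaches the honeypot directly can set the header itself.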