2

We have an internet-facing WSUS server for our remote Windows clients (laptops, remote users, etc.). As an extra layer of protection, we have placed the WSUS server behind a reverse proxy server using ARR/URL Rewrite, which proxies the requests to our update URL and forwards them on to the actual WSUS server.

All seems to work well -- clients are getting update information from WSUS, and are able to download any needed updates.

However, there is a small problem I've noticed recently when trying to use a patch management solution (from SolarWinds) which essentially sits on top of the WSUS server and can proactively manage the remote clients. If I try to manage a remote client via the patch manager, it is using the IP address of the PROXY server for that client, instead of the client's ACTUAL remote IP address. DNS resolution fails, and authentication fails, presumably because the request is going to the proxy server instead of the remote client.

How can I ensure that the internal WSUS server gets the actual REMOTE IP address of the client?

tresstylez

2 Answers

1

I've encountered a similar issue. I found that I needed to configure the proxy server to pass the original source IP address when forwarding the traffic to the WSUS.

-1

https://www.cyberciti.biz/faq/nginx-restore-real-ip-address-when-behind-a-reverse-proxy/

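    location / {
        # Forward requests to the WSUS backend.
        proxy_pass https://wsus:443/;

        # realip module: only takes effect together with set_real_ip_from.
        real_ip_header X-Forwarded-For;

        # Pass the original Host header and the client address to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
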
Mojo
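
How a backend can consume the `X-Forwarded-For` chain that the configuration above builds, as an added example that is not part of the original answers: `$proxy_add_x_forwarded_for` appends the connecting address to whatever header the client already sent, so only the entry appended by a known proxy is reliable. The proxy network `10.0.0.0/24`, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: internal address range of the reverse proxy (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Resolve the real client address for one request.

    peer_addr  -- source address of the TCP connection to the backend
    xff_header -- raw X-Forwarded-For value, or None if the header is absent
    """
    # A peer that is not our proxy connected directly: ignore its header.
    if not is_trusted(peer_addr, trusted):
        return peer_addr
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    # Walk right to left: the proxy appended the rightmost entry itself,
    # anything further left was supplied by the client and may be forged.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the rest of the chain
        if not is_trusted(hop, trusted):
            return hop
    return peer_addr  # no usable entry: fall back to the connection address


if __name__ == "__main__":
    # Constructed samples: (connection source, X-Forwarded-For value)
    samples = [
        ("10.0.0.5", "203.0.113.7"),           # normal proxied request
        ("10.0.0.5", "1.2.3.4, 203.0.113.7"),  # client pre-set a forged entry
        ("198.51.100.9", "1.2.3.4"),           # proxy bypassed, header ignored
    ]
    for peer, xff in samples:
        print(f"{peer:14} {xff:24} -> {client_ip(peer, xff)}")
```
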